[Openswan Users] ocsp & openswan
david
david2005.p at gmail.com
Tue Jun 14 18:30:14 CEST 2005
hi Andreas,
yes I have done it on both ends of the VPN.
the check to the ocsp server should be automatic ?
regards
david
2005/6/14, Andreas Steffen <andreas.steffen at strongsec.net>:
> Hi David,
>
> have you started the OCSP fetching thread by setting
>
> config setup
> crlcheckinterval=600 # check every 10 minutes
>
> in ipsec.conf ?
>
> Regards
>
> Andreas
>
> david wrote:
> > hi all,
> >
> > I am trying to use the OCSP protocol to check the validity of my certificates.
> > So I have downloaded the libcurl-devel package providing curl headers,
> > I have set USE_LIBCURL to true and HAVE_THREAD to true.
> >
> > And when my CA sign a certificate it adds the following extension on
> > the certificates:
> > Authority Information Access :
> > OCSP - URI:http://195.212.109.202
> >
> > this is the address where my OCSP server is running.
> >
> > So when I manually ask for the validity of a certificate to the OCSP
> > server , it responds correctly.
> >
> > But, when I try manually to establish A VPN with the certificates the
> > ocsp server is not asked.
> >
> > is it normal?
> > is there an ocsp client in pluto or not ?
> > does this check can only be done by a web browser ?
> >
> > david
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
>
> --
> =======================================================================
> Andreas Steffen e-mail: andreas.steffen at strongsec.com
> strongSec GmbH home: http://www.strongsec.com
> Alter Zürichweg 20 phone: +41 1 730 80 64
> CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
> ==========================================[strong internet security]===
>
More information about the Users
mailing list