[strongSwan] Help, charon: 03[CFG] issuer of fetched CRL does not match CRL issuer
tobias at strongswan.org
Thu Jul 28 11:29:57 CEST 2011
> Jul 23 12:41:28 lag3 charon: 03[CFG] issuer of fetched CRL 'C=US, ST=CO,
> L=Denver, O=igvpn.com, CN=igvpn.com CA, E=info at igvpn.com' does not match
> CRL issuer '9b:00:ad:ef:3d:af:74:3b:72:6e:28:33:f5:33:4a:6a:e8:77:2e:bb'
It seems your CA certificate contains the X509v3 Subject Key Identifier
extension which in turn means your CRL has to contain the X509v3
Authority Key Identifier extension. Otherwise charon won't be able to
match the two.
More information about the Users