[strongSwan] Help, charon: 03[CFG] issuer of fetched CRL does not match CRL issuer
Tobias Brunner
tobias at strongswan.org
Thu Jul 28 11:29:57 CEST 2011
Hi,
> Jul 23 12:41:28 lag3 charon: 03[CFG] issuer of fetched CRL 'C=US, ST=CO,
> L=Denver, O=igvpn.com, CN=igvpn.com CA, E=info at igvpn.com' does not match
> CRL issuer '9b:00:ad:ef:3d:af:74:3b:72:6e:28:33:f5:33:4a:6a:e8:77:2e:bb'
It seems your CA certificate contains the X509v3 Subject Key Identifier
extension which in turn means your CRL has to contain the X509v3
Authority Key Identifier extension. Otherwise charon won't be able to
match the two.
Regards,
Tobias
More information about the Users
mailing list