[strongSwan] Help, charon: 03[CFG] issuer of fetched CRL does not match CRL issuer

Tobias Brunner tobias at strongswan.org
Thu Jul 28 12:53:05 CEST 2011

Hi Jacky,

Is that your complete openssl.cnf?  Because the crl_ext section has to 
actually be referenced in your CA section.

Something like:

[ ca ]
default_ca = my_ca

[ my_ca ]
dir = /dir/to/ca
# ... other options (see 'man ca')
crl_extensions = crl_ext


More information about the Users mailing list