[strongSwan] CRL response with Strongswan 4

Andreas Steffen andreas.steffen at strongswan.org
Mon Nov 26 12:44:40 CET 2012 

Hi Fabrice,

can you fetch the CRLs manually e.g. using wget:

  wget http://crl1.igc.education.fr/agriates.crl

  wegt http://crl2.igc.education.fr/agriates.crl

If no then the webservers or the CRL files are not
available or a firewall is blocking http port 80.

If yes, has the the curl plugin been loaded by strongSwan?

Regards

Andreas

On 26.11.2012 12:31, Fabrice Barconnière wrote:
> Hello,
> 
> What can i verify with this CRL problem ?
> 
> Nov 22 16:23:05 sphynxtestha1 charon: 15[IKE] received end entity cert 
> "C=fr, O=gouv, OU=education, OU=ac-dijon, CN=0210066H-15"
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG]   using certificate "C=fr, 
> O=gouv, OU=education, OU=ac-dijon, CN=0210066H-15"
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG]   using trusted ca 
> certificate "C=fr, O=gouv, CN=RACINE AGRIATES"
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] checking certificate 
> status of "C=fr, O=gouv, OU=education, OU=ac-dijon, CN=0210066H-15"
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG]   fetching crl from 
> 'http://crl1.igc.education.fr/agriates.crl' ...
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG]   using trusted 
> certificate "C=fr, O=gouv, CN=RACINE AGRIATES"
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] crl response verification 
> failed
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG]   fetching crl from 
> 'http://crl2.igc.education.fr/agriates.crl' ...
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG]   using trusted 
> certificate "C=fr, O=gouv, CN=RACINE AGRIATES"
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] crl response verification 
> failed
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] certificate status is not 
> available
> Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG]   reached self-signed root 
> ca with a path length of 0
> Nov 22 16:23:05 sphynxtestha1 charon: 15[IKE] authentication of 'C=fr, 
> O=gouv, OU=education, OU=ac-dijon, CN=0210066H-15' with RSA signature 
> successful
> 


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121126/42c9ca06/attachment.bin>

More information about the Users mailing list