[strongSwan] revoke certification with out "ipsec restart"
Nimo
gnimozyu at gmail.com
Fri Sep 8 02:44:47 CEST 2017
Hi Tobias,
>> I don't want to use "ipsec restart" because other IPsec sessions are
>> disconnected.
>> How can I make enabled the revocation without disconnecting other's
>> IPsec session ?
>
> You used the same crlNumber for your second CRL. So it didn't replace
> the CRL that you loaded before (this is logged as " crl #01 is not
> newer - existing crl #01 retained", so if you read that you'd have known).
Oh!
I checked my shell-script and I found that your point out.
I fix it and they works fine.
I am sorry I wasted your time. and Thank you very much.
---
takumi kadode
2017-09-07 17:58 GMT+09:00 Tobias Brunner <tobias at strongswan.org>:
> Hi Nimo,
>
> > I don't want to use "ipsec restart" because other IPsec sessions are
> > disconnected.
> > How can I make enabled the revocation without disconnecting other's
> > IPsec session ?
>
> You used the same crlNumber for your second CRL. So it didn't replace
> the CRL that you loaded before (this is logged as " crl #01 is not
> newer - existing crl #01 retained", so if you read that you'd have known).
>
> Regards,
> Tobias
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170908/27a1706c/attachment.html>
More information about the Users
mailing list