[strongSwan] OCSP - no signer certificate found
Markus P. Beckhaus
markus at beckhaus.com
Wed Sep 5 16:44:33 CEST 2018
Dear all,
I have set up strongswan to use OCSP as well as CRLs. Both parts are running fine and are reporting certificates as valid.
However, I do have one issue with OCSP checking and that is the abovementioned message “no signer certificate”.
I can add our OCSP signer certificate to /etc/ipsec.d/ocspcerts, but in our case the OCSP signer cert is being renewed in very short intervals, because the signer cert contains the id-pkix-ocsp-nocheck extension.
Any idea how to solve this?
Best Regards
--
Markus P. Beckhaus
beckhaus consulting
Hunsrückstr. 11
55129 Mainz
+49 6131 9073851
+49 171 7945977