[strongSwan] OCSP - no signer certificate found

Markus P. Beckhaus markus at beckhaus.com
Wed Sep 5 16:44:33 CEST 2018


Dear all,

I have set up strongSwan to use OCSP as well as CRLs. Both parts are running fine and are reporting certificates as valid.

However, I do have one issue with OCSP checking and that is the above-mentioned message “no signer certificate”.

I can add our OCSP signer certificate to /etc/ipsec.d/ocspcerts, but in our case the OCSP signer cert is being renewed in very short intervals, because the signer cert contains the id-pkix-ocsp-nocheck extension.

Any idea how to solve this?

Best Regards
--
Markus P. Beckhaus
beckhaus consulting
Hunsrückstr. 11
55129 Mainz

+49 6131 9073851
+49 171 7945977
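
An added example, not part of the original post and not strongSwan code: RFC 6960 lets a CA delegate OCSP signing to a certificate it issues directly that carries id-kp-OCSPSigning, and id-pkix-ocsp-nocheck is the optional extension the post mentions. The sketch below checks those properties with the Python cryptography package; the CA, the signer certificates and all names in it are constructed sample data.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(cn, key, issuer_cn, issuer_key, hours, exts=()):
    """Build a constructed test certificate (sample data, not from the post)."""
    now = dt.datetime.now(dt.timezone.utc)
    b = (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(now - dt.timedelta(minutes=5))
         .not_valid_after(now + dt.timedelta(hours=hours)))
    for ext in exts:
        b = b.add_extension(ext, critical=False)
    return b.sign(issuer_key, hashes.SHA256())

def missing_properties(signer, ca):
    """Return the delegated-responder properties the signer lacks ([] = all present)."""
    missing = []
    try:  # the signer must be issued directly by the CA it answers for
        if signer.issuer != ca.subject:
            raise InvalidSignature
        ca.public_key().verify(signer.signature, signer.tbs_certificate_bytes,
                               ec.ECDSA(signer.signature_hash_algorithm))
    except InvalidSignature:
        missing.append("not issued by the CA")
    try:  # id-kp-OCSPSigning authorises the key to sign OCSP responses
        eku = signer.extensions.get_extension_for_class(x509.ExtendedKeyUsage)
        if ExtendedKeyUsageOID.OCSP_SIGNING not in eku.value:
            raise x509.ExtensionNotFound("no OCSPSigning", eku.oid)
    except x509.ExtensionNotFound:
        missing.append("no id-kp-OCSPSigning")
    try:  # optional in RFC 6960: the signer itself is not revocation-checked
        signer.extensions.get_extension_for_class(x509.OCSPNoCheck)
    except x509.ExtensionNotFound:
        missing.append("no id-pkix-ocsp-nocheck")
    return missing

# Constructed sample PKI: a CA, a short-lived delegated signer, two bad signers.
ca_key, ocsp_key, other_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
ca = make_cert("Constructed CA", ca_key, "Constructed CA", ca_key, 24 * 365)
exts = [x509.ExtendedKeyUsage([ExtendedKeyUsageOID.OCSP_SIGNING]), x509.OCSPNoCheck()]
good = make_cert("OCSP signer", ocsp_key, "Constructed CA", ca_key, 12, exts)
forged = make_cert("OCSP signer", ocsp_key, "Constructed CA", other_key, 12, exts)
plain = make_cert("OCSP signer", ocsp_key, "Constructed CA", ca_key, 12)
```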
