Hi Anthony, > ? can strongswan be a OCSP or CDP server Theoretically yes, but you'd have to program a plugin that does that yourself. It would theoretically also be possible to transmit CRLs (RFC 7296) and OCSP (RFC 4806) via IKEv2 certificate payloads, but strongSwan currently doesn't support this. Regards, Tobias