[strongSwan] OCSP update dime
Anthony.Modster at Teledyne.com
Wed Nov 6 22:31:03 CET 2019
? then what is Andreas referencing, below is the issue reported
the strongSwan IKE daemon will not try to fetch a fresh CRL before the nextUpdate time in the CRL has passed. If you want to revoke IPsec endpoints more quickly then you must either dramatically reduce the lifetime of a CRL e.g. down to an hour or use the Online Certificate Status Protocol (OCSP) which will give you realtime information on the certificate status.
From: Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting>
Sent: Wednesday, November 06, 2019 1:27 PM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] OCSP update dime
The request doesn't really make sense.
There's no OCSP nextUpdate time, that's part of a CRL.
Am 06.11.19 um 00:03 schrieb Modster, Anthony:
> ? what is the nextUpdate time
> ? is it configurable
More information about the Users