[strongSwan] CRL revoke

Modster, Anthony Anthony.Modster at Teledyne.com
Sat Nov 16 00:08:10 CET 2019


Hello

? can charon revoke the user cert from a CRL

We are using charon as a client, that has loaded a user cert and a CRL.
strongswan 5.5.1

Sample CRL used to revoke user cert.
root at wglng-17:/etc/swanctl/ourCrl# openssl crl -in Org1.scacrl1 -text -noout
Certificate Revocation List (CRL):
        Version 2 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: /C=US/O=Teledyne Controls Engineering/OU=Systems Engineering/CN=TDY Test SCA 1
        Last Update: Nov 15 21:50:00 2019 GMT
        Next Update: Feb 15 21:50:00 2020 GMT
        CRL extensions:
            X509v3 Authority Key Identifier:
                keyid:92:E1:0F:68:37:91:79:4D:CD:B2:FA:1F:C9:56:39:34:A8:AB:45:EA

            X509v3 CRL Number:
                7
Revoked Certificates:
    Serial Number: 0E
        Revocation Date: Nov 15 21:49:53 2019 GMT
        CRL entry extensions:
            Invalidity Date:
                Nov 15 21:49:00 2019 GMT
            X509v3 CRL Reason Code:
                Certificate Hold
    Signature Algorithm: sha256WithRSAEncryption
         90:1d:3c:70:d6:6a:fb:e5:05:2d:13:46:e9:02:21:51:5b:d5:
         41:67:72:15:ce:5c:96:67:cd:ba:fd:0c:fa:87:b8:52:b7:5e:
         90:4d:c6:5f:c9:c6:78:04:f6:6b:34:99:13:a4:60:0b:7f:f4:
         70:30:9d:eb:17:50:20:6d:2d:f1:43:42:82:a1:c3:6d:6e:dd:
         b0:c3:82:6c:27:ca:4c:46:12:8a:d8:7d:bd:b0:9c:fe:35:22:
         bb:38:06:98:61:22:47:db:aa:90:c2:47:ce:fe:cd:df:e4:4b:
         44:ea:cb:45:1a:4f:77:a1:8d:28:eb:d0:92:2f:e7:31:1a:03:
         be:fa:bc:45:1e:69:e0:f4:60:cb:5f:12:2e:07:1c:9d:79:f1:
         9b:05:54:37:a6:83:14:3e:9d:ce:a8:5b:cf:65:19:58:c2:81:
         7f:f8:be:66:cb:3d:80:45:08:aa:73:34:ca:fd:ab:fb:c6:8a:
         51:af:b2:a1:7a:8a:93:e6:c7:9d:ad:df:93:52:fa:db:4c:7e:
         d3:74:37:8e:89:91:59:61:e1:e9:38:87:86:4d:bf:f6:c4:0b:
         1e:92:13:e4:71:d2:05:14:c8:d4:d1:37:b3:2d:9f:1d:52:68:
         fe:36:03:6c:d9:19:11:c7:18:63:fa:c5:2d:b8:39:31:83:3b:
         77:72:07:97

Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191115/996660df/attachment.html>


More information about the Users mailing list