[strongSwan] CRL revoke
Modster, Anthony
Anthony.Modster at Teledyne.com
Sat Nov 16 00:08:10 CET 2019
Hello
? can charon revoke the user cert from a CRL
We are using charon as a client, that has loaded a user cert and a CRL.
strongswan 5.5.1
Sample CRL used to revoke user cert.
root at wglng-17:/etc/swanctl/ourCrl# openssl crl -in Org1.scacrl1 -text -noout
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/O=Teledyne Controls Engineering/OU=Systems Engineering/CN=TDY Test SCA 1
Last Update: Nov 15 21:50:00 2019 GMT
Next Update: Feb 15 21:50:00 2020 GMT
CRL extensions:
X509v3 Authority Key Identifier:
keyid:92:E1:0F:68:37:91:79:4D:CD:B2:FA:1F:C9:56:39:34:A8:AB:45:EA
X509v3 CRL Number:
7
Revoked Certificates:
Serial Number: 0E
Revocation Date: Nov 15 21:49:53 2019 GMT
CRL entry extensions:
Invalidity Date:
Nov 15 21:49:00 2019 GMT
X509v3 CRL Reason Code:
Certificate Hold
Signature Algorithm: sha256WithRSAEncryption
90:1d:3c:70:d6:6a:fb:e5:05:2d:13:46:e9:02:21:51:5b:d5:
41:67:72:15:ce:5c:96:67:cd:ba:fd:0c:fa:87:b8:52:b7:5e:
90:4d:c6:5f:c9:c6:78:04:f6:6b:34:99:13:a4:60:0b:7f:f4:
70:30:9d:eb:17:50:20:6d:2d:f1:43:42:82:a1:c3:6d:6e:dd:
b0:c3:82:6c:27:ca:4c:46:12:8a:d8:7d:bd:b0:9c:fe:35:22:
bb:38:06:98:61:22:47:db:aa:90:c2:47:ce:fe:cd:df:e4:4b:
44:ea:cb:45:1a:4f:77:a1:8d:28:eb:d0:92:2f:e7:31:1a:03:
be:fa:bc:45:1e:69:e0:f4:60:cb:5f:12:2e:07:1c:9d:79:f1:
9b:05:54:37:a6:83:14:3e:9d:ce:a8:5b:cf:65:19:58:c2:81:
7f:f8:be:66:cb:3d:80:45:08:aa:73:34:ca:fd:ab:fb:c6:8a:
51:af:b2:a1:7a:8a:93:e6:c7:9d:ad:df:93:52:fa:db:4c:7e:
d3:74:37:8e:89:91:59:61:e1:e9:38:87:86:4d:bf:f6:c4:0b:
1e:92:13:e4:71:d2:05:14:c8:d4:d1:37:b3:2d:9f:1d:52:68:
fe:36:03:6c:d9:19:11:c7:18:63:fa:c5:2d:b8:39:31:83:3b:
77:72:07:97
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191115/996660df/attachment.html>
More information about the Users
mailing list