Project

General

Profile

Issue #3532

The certificate revocation list is not valid

Added by zhenxing huang about 2 months ago. Updated about 1 month ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
configuration
Affected version:
5.9.0
Resolution:

Description

Hello

I use the certificate generated by xca
Certificate a for the server certificate,
Certificate b for the client certificate(for android)
The revocation list file is crl.der
The certificate a attribute contains crl distribution points http://xxxx/crl.der

After I revoke certificate b at the same time, I store the crl.der file under ipsec.d/crl/ on the server also.

The client log shows that http://xxxx/crl.der is fetched ,however, it's still connected to the server using certificate b

Why is this and how to solve this problem。

Thanks for you reply.

History

#1 Updated by zhenxing huang about 2 months ago

ecc certificate is not supported when strictcrlpolicy=yes and say the authentication_failed error

Resolved after changing to rsa

#2 Updated by Tobias Brunner about 1 month ago

  • Category set to configuration
  • Status changed from New to Feedback

ecc certificate is not supported when strictcrlpolicy=yes and say the authentication_failed error

Resolved after changing to rsa

Not sure what you are referring to, but the key type should not make a difference.

Also available in: Atom PDF