The certificate revocation list is not valid
I use the certificate generated by xca
Certificate a for the server certificate,
Certificate b for the client certificate(for android)
The revocation list file is crl.der
The certificate a attribute contains crl distribution points http://xxxx/crl.der
After I revoke certificate b at the same time, I store the crl.der file under ipsec.d/crl/ on the server also.
The client log shows that http://xxxx/crl.der is fetched ,however, it's still connected to the server using certificate b
Why is this and how to solve this problem。
Thanks for you reply.
#2 Updated by Tobias Brunner about 1 month ago
- Category set to configuration
- Status changed from New to Feedback
ecc certificate is not supported when strictcrlpolicy=yes and say the authentication_failed error
Resolved after changing to rsa
Not sure what you are referring to, but the key type should not make a difference.