On Sat, Feb 01, 2014, lux-integ wrote:

> Greetings,
>
> I am learning to use openssl to generate certificates for a vpn specifically
> the ipsec implementation called strongswan. I am using a modern linux
> distribution with a recent version of openssl. The strongswan online
> documentation at:
>
> http://www.strongswan.org/docs/readme4.htm
>
> has this excerpt:-
> {
> As an alternative an OCSP URI can be embedded into the VPN host and user
> certificates by putting the line
>
>    authorityInfoAccess=OCSP;URI:http://ocsp.strongswan.org:8880
>
> into the [ usr_cert ] section of your openssl.cnf
> }
>
> QUESTION:-
> When generating ssl certificates, can one specify multiple URI's for OCSP
> servers like so:-
>
> authorityInfoAccess=OCSP;URI1:http://ocsp.somehost.com:8880
> authorityInfoAccess=OCSP;URI2:http://ocsp.someotherhost.com:8880
>

You can have multiple OCSP URIs but not using that syntax. One way is to
separate them with a comma like this:

authorityInfoAccess=OCSP;URI:http://ocsp.somehost.com:8880, OCSP;URI:http://ocsp.someotherhost.com:8880

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
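
Added example (not part of the original thread or of the OpenSSL project's own material): a shell check that issues a throwaway certificate with the comma-separated form from the reply and reads both responders back with `openssl x509 -ocsp_uri`. The CA and host names, file names and function name are constructed for the demo, and it assumes an `openssl` binary on the PATH.

```shell
#!/bin/sh
# Issue a short-lived certificate whose authorityInfoAccess extension lists
# two OCSP responders, then print the URIs actually embedded in it.
# All names and paths below are constructed for this demo.

issue_and_list_ocsp() {
    dir=$(mktemp -d) || return 1

    cat > "$dir/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no

[ dn ]
# Overridden by -subj below; present because req expects the section.
CN = placeholder

[ v3_ca ]
basicConstraints = critical,CA:TRUE

[ usr_cert ]
basicConstraints = CA:FALSE
authorityInfoAccess = OCSP;URI:http://ocsp.somehost.com:8880, OCSP;URI:http://ocsp.someotherhost.com:8880
EOF

    # Self-signed demo CA, then a host key and CSR, all inside the temp dir.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/openssl.cnf" -extensions v3_ca -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/openssl.cnf" -subj "/CN=vpn.example.test" \
        -keyout "$dir/host.key" -out "$dir/host.csr" >/dev/null 2>&1 &&
    # Sign the CSR, taking the extensions from [ usr_cert ].
    openssl x509 -req -in "$dir/host.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/openssl.cnf" -extensions usr_cert \
        -out "$dir/host.pem" >/dev/null 2>&1 &&
    # Prints one OCSP responder URI per line.
    openssl x509 -in "$dir/host.pem" -noout -ocsp_uri
    rc=$?
    rm -rf "$dir"
    return $rc
}

issue_and_list_ocsp
```

Running the same `-ocsp_uri` query against a certificate before deployment confirms that every responder clients are expected to reach made it into the extension.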
