Hi all,
Looking at seeing if there's any decent way of getting isakmpd to
perform OCSP lookups to verify that a potential IPsec client's
certificate is currently not revoked before allowing them to authenticate.
I looked through the archives, and there was one link to someone's
procedural guide to handling terminating employees (manually updating a
CRL and distributing), and one link to a PDF that no longer exists. I'd
like to roll out PKI for a network with quite a few VPN concentrators
running OpenBSD and SonicWalls without completely losing my mind as far
as handling revoked X.509 certificates.
man isakmpd.conf yields nothing, isakmpd.policy yields nothing obvious,
nor does keynote.
If this is possible and I've missed it, please let me know your
experience or any pointers on where to best RTFM.
Thanks!