On Tue, 17 Dec 2019, Utkarsh Kumar wrote:

Hi Everyone, I have an application where I am establishing an IPsec
connection between two Linux machines using libreswan, which is happening
successfully.

I have enabled strict CRL check in the config with an interval of 60 sec.

        crl-strict=yes
        crlcheckinterval=1m

End Certificate:

Screen Shot 2019-12-17 at 10.23.45 PM.png

Does the CA cert have the CRL distribution point?

But the CRL list is not updating automatically. In the logs I am seeing
the following error. Can anyone please help me with the solution here?

Error:

Dec 17 18:46:05: | *time to check crls

Dec 17 18:46:05: | attempting to add a new CRL fetch request

Dec 17 18:46:05: | could not find CRL URI ext -8157

That error is SEC_ERROR_EXTENSION_NOT_FOUND.

Dec 17 18:46:05: | no distribution point available for new fetch request

I think your CA might not have been created with the CRL distribution
point in it?

Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
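
The question raised in the reply (whether the certificate carries a CRL distribution point) can be checked directly on a PEM file. This is an added example, not part of the original thread or of libreswan: it uses `openssl` to list the CRL distribution point URIs of a certificate and runs against two constructed self-signed CA certificates. The file names, subject and the `crl.example.test` URL are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: report the CRL Distribution Points URIs of a PEM certificate.

# Print each CDP URI on its own line; return 1 when the certificate has none.
cdp_uris() {
    found=$(openssl x509 -in "$1" -noout -text 2>/dev/null | awk '
        { match($0, /^ */); indent = RLENGTH }           # leading spaces
        /X509v3 CRL Distribution Points:/ { on = 1; next }
        on && NF && indent <= 12 { on = 0 }              # next extension or signature
        on && sub(/^ *URI:/, "") { print }')
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Constructed test material: one CA with a CDP extension, one without.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Demo CA
[with_cdp]
basicConstraints = critical,CA:TRUE
crlDistributionPoints = URI:http://crl.example.test/ca.crl
[no_cdp]
basicConstraints = critical,CA:TRUE
EOF
for ext in with_cdp no_cdp; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$tmp/openssl.cnf" -extensions "$ext" \
        -keyout "$tmp/$ext.key" -out "$tmp/$ext.pem" 2>/dev/null
done

for cert in "$tmp/with_cdp.pem" "$tmp/no_cdp.pem"; do
    if uris=$(cdp_uris "$cert"); then
        echo "$cert: CRL distribution point URI(s): $uris"
    else
        echo "$cert: no CRL distribution point URI in this certificate"
    fi
done
```

A certificate that gives the second result has no URI in the certificate itself from which a CRL could be fetched.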