Thank you, Tobias. That is some part of my openssl.cnf, but I use your suggestion to uncomment this line in my openssl.cnf, everything is ok now. # crl_extensions = crl_ext
Thank you again. -- Best Regards Jacky -----Original Message----- From: Tobias Brunner [mailto:[email protected]] Sent: Thursday, July 28, 2011 6:53 PM To: Jacky.He Cc: [email protected] Subject: Re: [strongSwan] Help, charon: 03[CFG] issuer of fetched CRL does not match CRL issuer Hi Jacky, Is that your complete openssl.cnf? Because the crl_ext section has to actually be referenced in your CA section. Something like: [ ca ] default_ca = my_ca [ my_ca ] dir = /dir/to/ca # ... other options (see 'man ca') crl_extensions = crl_ext Regards, Tobias __________ Information from ESET NOD32 Antivirus, version of virus signature database 6330 (20110727) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
