Hello Andreas, > the only alternative to extracting http CDPs from end entitcy certificates > is to define additional CDPs in ipsec.conf in a special ca section
Thank you. Assuming that the retrieved CRL was signed by CA1, my question is: Does strongSwan expects a X.509 certificate with a subject name CA1 in "/etc/ipsec.d/cacerts" to check/validate the signature of the CRL? Best Regards Mugur _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users