Hi Fabrice, can you fetch the CRLs manually e.g. using wget:
wget http://crl1.igc.education.fr/agriates.crl wegt http://crl2.igc.education.fr/agriates.crl If no then the webservers or the CRL files are not available or a firewall is blocking http port 80. If yes, has the the curl plugin been loaded by strongSwan? Regards Andreas On 26.11.2012 12:31, Fabrice Barconnière wrote: > Hello, > > What can i verify with this CRL problem ? > > Nov 22 16:23:05 sphynxtestha1 charon: 15[IKE] received end entity cert > "C=fr, O=gouv, OU=education, OU=ac-dijon, CN=0210066H-15" > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] using certificate "C=fr, > O=gouv, OU=education, OU=ac-dijon, CN=0210066H-15" > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] using trusted ca > certificate "C=fr, O=gouv, CN=RACINE AGRIATES" > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] checking certificate > status of "C=fr, O=gouv, OU=education, OU=ac-dijon, CN=0210066H-15" > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] fetching crl from > 'http://crl1.igc.education.fr/agriates.crl' ... > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] using trusted > certificate "C=fr, O=gouv, CN=RACINE AGRIATES" > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] crl response verification > failed > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] fetching crl from > 'http://crl2.igc.education.fr/agriates.crl' ... > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] using trusted > certificate "C=fr, O=gouv, CN=RACINE AGRIATES" > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] crl response verification > failed > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] certificate status is not > available > Nov 22 16:23:05 sphynxtestha1 charon: 15[CFG] reached self-signed root > ca with a path length of 0 > Nov 22 16:23:05 sphynxtestha1 charon: 15[IKE] authentication of 'C=fr, > O=gouv, OU=education, OU=ac-dijon, CN=0210066H-15' with RSA signature > successful > -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
