Hi, > The serial number of the certificate and the serial number in the OCSP > request is different. It looks like a bug to me.
Is there _any_ certificate in your PKI with the serial number that was requested? Perhaps one that has the same identity as this one? Or is this perhaps the verification of e.g. an intermediate CA certificate and not the end-entity certificate? > On the other side, the the CDP attribute > of the certificate also contains HTTP uri for the CRL. It seems this particular certificate does not actually contain a CDP with an HTTP URI, otherwise the revocation plugin would have tried it after fetching from the LDAP URI failed. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
