Thanks

-----Original Message-----
From: Tobias Brunner <tob...@strongswan.org>
Sent: Thursday, May 09, 2019 9:26 AM
To: Modster, Anthony <anthony.mods...@teledyne.com>; users@lists.strongswan.org
Cc: Amare, Mesfin <mesfin.am...@teledyne.com>
Subject: Re: [strongSwan] charon and CRL loading
---External Email---

Hi Anthony,

> If a CRL comes in, then I think we would need to do the following:
> 1. create "authorities section" "crl_uris = file:///xxx" in swanctl.conf
> 2. --load-authorities
> 3. --load-creds

You don't need step 3 if you use file URIs, the CRL is fetched dynamically during authentication (if you update the CRL, while the old one is still valid for a while, you need to flush the cache, as pointed out before). And if you, alternatively, store the CRL in x509crl then you only need step 3 (and, again, perhaps flush the cache).

Regards,
Tobias
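
The two alternatives from the reply above, written out as a swanctl.conf fragment with the matching swanctl commands in comments. This is an added example, not part of the original thread; the section name, certificate file name, CRL path and the /etc/swanctl default directory are assumptions.

```conf
# /etc/swanctl/swanctl.conf  (default swanctl directory assumed)

# Alternative A: reference the CRL by file URI in an authorities section.
# charon fetches it during authentication, so --load-creds is not needed.
authorities {
    # "example-ca" is a hypothetical section name
    example-ca {
        # hypothetical CA certificate file, looked up in /etc/swanctl/x509ca
        cacert = example-ca.pem
        # placeholder path to the CRL file
        crl_uris = file:///path/to/example-ca.crl
    }
}
# Apply the section:
#   swanctl --load-authorities
# If the CRL file is replaced while the previously fetched CRL is still
# valid, flush the cached CRLs so the new one is picked up:
#   swanctl --flush-certs --type x509_crl

# Alternative B: no crl_uris setting. Copy the CRL into
# /etc/swanctl/x509crl/ and load it with the other credentials:
#   swanctl --load-creds
# A cached older CRL may need the same flush as in alternative A.
```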