Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1154 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

URGENT!! CRL verification supported in ASP 4?

terrence
Hello,

Can someone tell me if CRLs verification is supported in ASP4 when using X509 certificates.??!!      


This thread was automatically locked due to age.
Parents
  • 0
    CRL support works. Just copy the CRL files either in PEM or DER format into the directory /etc/ipsec.d/crls and restart FreeS/WAN or execute

    ipsec auto --rereadcrls 

    if you have direct access to the ASL box.

    Regards

    Andreas
      
  • 0 in reply to Andreas Steffen
    Hi

    Have copy the *.der in the directory but was unable to run the  ipsec -auto -rereadcrls .. The  -auto was unknown and ipsec -help is not availabe .(Bloody pain in the ass!!)

    I reboot the unit  but still the same issue.

    Any other ideas .....?????

    This should happen  anyway !!!!!!!  
  • 0 in reply to Fireman
    Hello again,

    FreeSWAN is chrooted on ASL so the correct command would be ' chroot /var/chroot-ipsec/ /usr/locall/sbin/ipsec auto --rereadcrls' but anyway auto doesn't seem to be available.  PEM or DER files would have to go to /var/chroot-ipsec/etc/ipsec.d/crls. IPSec can easily be restarted with '/etc/rc.d/ipsec-starter restart' .

    Greetings
    cyclops

       
Reply
  • 0 in reply to Fireman
    Hello again,

    FreeSWAN is chrooted on ASL so the correct command would be ' chroot /var/chroot-ipsec/ /usr/locall/sbin/ipsec auto --rereadcrls' but anyway auto doesn't seem to be available.  PEM or DER files would have to go to /var/chroot-ipsec/etc/ipsec.d/crls. IPSec can easily be restarted with '/etc/rc.d/ipsec-starter restart' .

    Greetings
    cyclops

       
Children
No Data
Cookie Information Banner