[Swan-dev] Libreswan library not taking CRLs from the certificate link.
Paul Wouters
paul at nohats.ca
Tue Dec 17 17:40:23 UTC 2019
On Tue, 17 Dec 2019, Utkarsh Kumar wrote:
> Hi Everyone, I have an application where I am establishing IPSEC connection between two Linux machines using libreswan which is happening successfully.
>
> I have enabled strict crl check in config with interval of 60 sec.
>
> crl-strict=yes
> crlcheckinterval=1m
>
> End Certificate:
>
> Screen Shot 2019-12-17 at 10.23.45 PM.png
Does the CAcert have the CRL distribution point?
> But the CRL list is not updating automatically. In the logs I am seeing the following error. Can anyone please help me with the solution here.
>
> Error:
>
> Dec 17 18:46:05: | *time to check crls
>
> Dec 17 18:46:05: | attempting to add a new CRL fetch request
>
> Dec 17 18:46:05: | could not find CRL URI ext -8157
That error is SEC_ERROR_EXTENSION_NOT_FOUND.
> Dec 17 18:46:05: | no distribution point available for new fetch request
I think your CA might not have been created with the CRL distribution
point in it?
Paul
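
One way to answer the question raised in this thread, whether a certificate carries a CRL distribution point, shown as an added example that is not part of the original message or of libreswan. It uses the openssl CLI on throwaway CAs generated on the spot; the function names, subject, and URL are constructed for the illustration.

```shell
#!/bin/sh
# Added example: all names, subjects and URLs below are constructed.

# Print each CRL distribution point URI found in a PEM certificate, one per
# line. Returns non-zero when the certificate has no such URI.
crl_uris() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | awk '
        { match($0, /^ */); indent = RLENGTH }
        /CRL Distribution Points/ { cdp = indent; next }
        cdp && NF && indent <= cdp { cdp = 0 }   # next extension begins
        cdp && /URI:/ { sub(/^.*URI:/, ""); sub(/[ \t]+$/, ""); print; n++ }
        END { exit n == 0 }'
}

# Create a throwaway self-signed CA at $1/$2.pem using extension section $2.
make_test_ca() {
    cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Test CA
[with_cdp]
basicConstraints = critical,CA:TRUE
crlDistributionPoints = URI:http://crl.example.test/ca.crl
[no_cdp]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$1/openssl.cnf" -extensions "$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Report whether a certificate carries a distribution point to fetch from.
report() {
    if uris=$(crl_uris "$1"); then
        echo "$1: CRL distribution point(s): $uris"
    else
        echo "$1: no CRL distribution point extension (extension not found)"
    fi
}

demo_dir=$(mktemp -d)
make_test_ca "$demo_dir" with_cdp
make_test_ca "$demo_dir" no_cdp
report "$demo_dir/with_cdp.pem"
report "$demo_dir/no_cdp.pem"
```

Run `crl_uris` against the exported CA certificate and the end certificate to see which of them, if any, names a CRL URI.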