[Swan] how/where to configure list of 'valid' certs
Marc
Marc at f1-outsourcing.eu
Mon Jan 15 15:25:56 EET 2024
Hi John,
I am on el7 and Alpine Linux.
>
> Personally I keep my certificate generation completely separate from my
> Libreswan installation - I just import new certs and either delete or
> import a CRL as required.
>
Yes, I would like to have something similar, preferably a stateless container. I have in the Alpine Linux container the root CA of some test certdb on el7. I am accepting everything from this root CA. So I just need to create a cert and I am done.
> >
>
> I don't think you need to. The tool is for management of existing lists.
>
> Just delete the certificate from the DB and it is revoked.
>
I can't do that because the certificates are in an external db on el7; the Alpine Linux container is not aware of this db. I have to specifically tell the Alpine container that it is revoked. I chose this setup because I don't think I will need to revoke before the expiration date. But just in case, I would like to be able to do this quickly.
On Windows there is a command certutil -revoke, but on el7 I do not have this. So I was wondering how certs are put on this CRL in the db.
I probably do not really get the concept here; this certutil is new to me.