author | Yves-Alexis Perez <corsac@corsac.net> | 2017-04-01 16:26:44 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-04-01 16:26:44 +0200 |
commit | 05ddd767992d68bb38c7f16ece142e8c2e9ae016 (patch) | |
tree | 302c618be306d4ed3c7f9fc58a1f6aaad4dd252f /testing/tests/swanctl/ocsp-signer-cert/description.txt | |
parent | 25663e04c3ab01ef8dc9f906608282319cfea2db (diff) | |
download | vyos-strongswan-05ddd767992d68bb38c7f16ece142e8c2e9ae016.tar.gz vyos-strongswan-05ddd767992d68bb38c7f16ece142e8c2e9ae016.zip |
New upstream version 5.5.2
Diffstat (limited to 'testing/tests/swanctl/ocsp-signer-cert/description.txt')
-rw-r--r-- | testing/tests/swanctl/ocsp-signer-cert/description.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/testing/tests/swanctl/ocsp-signer-cert/description.txt b/testing/tests/swanctl/ocsp-signer-cert/description.txt new file mode 100644 index 000000000..22496f1cb --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/description.txt @@ -0,0 +1,10 @@ +By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on +both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status +is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer certificate +issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b> +extended key usage flag. <b>carol</b>'s certificate includes an <b>OCSP URI</b> +in an authority information access extension pointing to <b>winnetou</b>. +Therefore no special authorities section information is needed in moon's swanctl.conf. +<p> +<b>carol</b> can successfully initiate an IPsec connection to <b>moon</b> since +the status of both certificates is <b>good</b>. |
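Review bot: The first added line attributes the strict policy to <b>strictcrlpolicy=yes</b>, which is an ipsec.conf keyword, while this file sits under testing/tests/swanctl and the seventh added line refers to moon's swanctl.conf. If the scenario enforces strict revocation through the swanctl.conf setting (revocation = strict in the remote section), the description should name that setting so readers look in the right file. The last sentence also covers only the positive outcome; one more sentence on what a strict policy does when winnetou is unreachable or the OCSP response is not signed by the OCSPSigning certificate would make clear what the test guards against.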