On 8/17/2011 4:56 PM, Fuchs, Martin wrote:
> Hi,
> Does the IPSec config make use of CRLs defined in the certified-Manager?
> I cannot see any references to used CRL in the cert-Manager when a CRL is
> defined there, neither can I choose a CRL in the IPSec-config.
> This is a Security-Risk I think, that should be fixed 2.0 leaves the door
> or am I mistaken?

The IPsec config doesn't currently hook into the CRLs from the system. It's been discussed on the forum a bit. http://forum.pfsense.org/index.php?topic=35872.0 is the thread I was thinking of specifically.

The way racoon wants the CRL written out and named wasn't very easy to work with. It's not that dangerous to run without a CRL unless you need to revoke access, then you can always just switch up the CA and certs for both ends if it's custom.

Jim