Hmmm, in larger setups it could be annoying, but perhaps there will be a 
solution one day ;-)

Perhaps to choose one crl, ipsec should use... ?

Regards,

martin

-----Original Message-----
From: Jim Pingle [mailto:li...@pingle.org]
Sent: Wednesday, 17 August 2011 23:55
To: support@pfsense.com
Subject: Re: [pfSense Support] IPSec crl

On 8/17/2011 4:56 PM, Fuchs, Martin wrote:
> Hi,
> Does the IPSec config make use of CRLs defined in the cert-Manager?
> I cannot see any references to a used CRL in the cert-Manager when a CRL
> is defined there, neither can I choose a CRL in the IPSec-config.
> This is a security risk I think, that should be fixed 2.0 leaves the
> door or am I mistaken?

The IPsec config doesn't currently hook into the CRLs from the system.
It's been discussed on the forum a bit.
http://forum.pfsense.org/index.php?topic=35872.0 is the thread I was thinking 
of specifically. The way racoon wants the crl written out and named wasn't very 
easy to work with.

It's not that dangerous to run without a CRL unless you need to revoke access, 
then you can always just switch up the CA and certs for both ends if it's 
custom.

Jim
