Hi Anthony, > If a CRL comes in, then I think we would need to do the following: > 1. create "authorities section" "crl_uirs = fill:///xxx" in swanctl.conf > 2. --load-authorities > 3. --load-creds
You don't need step 3 if you use file URIs, the CRL is fetched dynamically during authentication (if you update the CRL, while the old one is still valid for a while, you need to flush the cache, as pointed out before). And if you, alternatively, store the CRL in x509crl then you only need step 3 (and, again, perhaps flush the cache). Regards, Tobias