Hi Eric,

16[IKE] received end entity cert "CN=pfsense.semperen.net, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
16[CFG] using certificate "CN=pfsense.semperen.net, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
16[CFG] using trusted ca certificate "CN=semperen-ipsec-ca, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
16[CFG] checking certificate status of "CN=pfsense.semperen.net, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
>>>>> 16[CFG] fetching crl from 'https://ipsec-crl.s3.us-east-2.amazonaws.com/Semperen%2BIPSec%2BSigning%2BAuthority%2BCRL.crl' … <<<<
16[CFG] using trusted certificate "CN=semperen-ipsec-ca, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
16[CFG] crl correctly signed by "CN=semperen-ipsec-ca, C=US, ST=OH, L=Van Wert, O=The Semperen Group, OU=Network Operations"
16[CFG] crl is valid: until Oct 13 19:33:11 2049
16[CFG] certificate status is good
16[CFG] reached self-signed root ca with a path length of 0

This happens on demand when the peer certificate is verified, not when
the daemon is started.
Regards,
Tobias
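
One way to confirm from a charon log that the CRL fetch belongs to a peer certificate check rather than to daemon start-up (an added example, not part of the original message). It assumes lines begin with the thread id and subsystem as in the log above; the sample lines are constructed, with placeholder example.test names, and the function name is hypothetical.

```python
import re

# Constructed sample in the log format shown above; two worker threads interleave.
SAMPLE_LOG = """\
16[CFG] checking certificate status of "CN=peer-a.example.test, C=US"
07[CFG] checking certificate status of "CN=peer-b.example.test, C=US"
16[CFG]   fetching crl from 'https://crl.example.test/ca.crl' ...
07[CFG] certificate status is good
16[CFG] crl correctly signed by "CN=example-ca, C=US"
16[CFG] crl is valid: until Oct 13 19:33:11 2049
16[CFG] certificate status is good
"""

LINE = re.compile(r'^(?P<tid>\d+)\[(?P<sub>[A-Z]+)\]\s+(?P<msg>.*)$')
START = re.compile(r'checking certificate status of "(.*)"')
PATTERNS = {
    'crl_url': re.compile(r"fetching crl from '([^']+)'"),
    'crl_signer': re.compile(r'crl correctly signed by "(.*)"'),
    'crl_valid_until': re.compile(r'crl is valid: until (.+)'),
    'status': re.compile(r'certificate status is (.+)'),
}

def revocation_checks(log_text):
    """Return one record per status check, keeping each worker thread's lines together."""
    pending, finished = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group('sub') != 'CFG':
            continue
        tid, msg = m.group('tid'), m.group('msg')
        start = START.match(msg)
        if start:
            if tid in pending:            # earlier check on this thread never logged a result
                finished.append(pending.pop(tid))
            pending[tid] = {'thread': tid, 'subject': start.group(1),
                            **dict.fromkeys(PATTERNS)}
            continue
        check = pending.get(tid)
        if check is None:                 # CFG line outside any status check
            continue
        for field, pattern in PATTERNS.items():
            hit = pattern.match(msg)
            if hit:
                check[field] = hit.group(1)
        if check['status'] is not None:   # the result line closes the check
            finished.append(pending.pop(tid))
    return finished + list(pending.values())

if __name__ == '__main__':
    for record in revocation_checks(SAMPLE_LOG):
        print(record)
```

A record whose `crl_url` is `None` had no CRL fetch logged between the start of the check and its result.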