LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-23-2003, 11:37 PM   #1
cmisip
Member
 
Registered: Aug 2002
Posts: 189

Rep: Reputation: 30
crl update is overdue --> What for? in IPSEC


I have freeswan ipsec connecting my laptop to my wired lan (wireless encryption). My logwatch shows crl update is overdue. After some reading, I deduce that:

crl.pem is used for certificate revocation
by default it will expire in 30 days
if it expires, then all certificates issued with the certificate authority are auto revoked unless a new crl.pem is created.

Are the above correct? I am asking because despite the "crl update is overdue" in my logwatch, the laptop can still connect via ipsec freeswan. I am using Freeswan 2.01. Also seem to remember that one of my expired certificates in the past allowed me to connect also.

Thanks for any insight.
 
Old 12-01-2003, 03:32 PM   #2
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Typically the CRL is used to determine whether a cert has been revoked prior to its scheduled expiration date.
 
Old 12-01-2003, 07:55 PM   #3
cmisip
Member
 
Registered: Aug 2002
Posts: 189

Original Poster
Rep: Reputation: 30
does it actually play a part in certificate revocation? or just gives me information?

Thanks
 
Old 12-02-2003, 07:58 AM   #4
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
The CRL is purely informational. How your app reacts when it's out of date is another story.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPSec eagle683 Linux - Security 5 06-10-2005 10:53 AM
IPsec cranium2004 Linux - Security 5 05-01-2005 08:21 PM
crl.pem and Oulook PcHammer Linux - Software 0 01-27-2005 02:39 AM
Ipsec MarleyGPN Linux - Networking 1 07-15-2003 08:18 AM
ipsec pk21 Linux - Software 2 01-30-2003 06:39 AM


All times are GMT -5. The time now is 11:15 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration