
cmisip 10-24-2003 12:37 AM

crl update is overdue --> What for? in IPSEC
I have freeswan ipsec connecting my laptop to my wired lan (wireless encryption). My logwatch shows crl update is overdue. After some reading, I deduce that:

crl.pem is used for certificate revocation
by default it will expire in 30 days
if it expires, then all certificates issued with the certificate authority are auto revoked unless a new crl.pem is created.

Are the above correct? I am asking because despite the "crl update is overdue" in my logwatch, the laptop can still connect via ipsec freeswan. I am using Freeswan 2.01. I also seem to remember that one of my expired certificates allowed me to connect in the past.

Thanks for any insight.

stickman 12-01-2003 04:32 PM

Typically the CRL is used to determine whether a cert has been revoked prior to its scheduled expiration date.

cmisip 12-01-2003 08:55 PM

Does it actually play a part in certificate revocation, or does it just give me information?


stickman 12-02-2003 08:58 AM

The CRL is purely informational. How your app reacts when it's out of date is another story.
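
The distinction discussed in this thread, between a certificate listed in the CRL and a CRL that is merely past its next-update time, as an added example that is not part of the original posts and is not FreeS/WAN code. The sample CRL text is constructed in the layout printed by `openssl crl -in crl.pem -noout -text`; `check_peer` and its `strict` switch are hypothetical names for the application-side policy.

```python
import re
from datetime import datetime, timezone

# Constructed sample, laid out like `openssl crl -in crl.pem -noout -text` output.
SAMPLE_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Issuer: CN = Constructed Example CA
        Last Update: Sep 20 00:00:00 2003 GMT
        Next Update: Oct 20 00:00:00 2003 GMT
Revoked Certificates:
    Serial Number: 03
        Revocation Date: Oct  2 09:15:00 2003 GMT
"""

def _ts(text):
    # OpenSSL pads single-digit days with a space; collapse runs before parsing.
    clean = " ".join(text.split())
    return datetime.strptime(clean, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def parse_crl_text(text):
    """Extract thisUpdate, nextUpdate and the revoked serial numbers (as ints)."""
    last = re.search(r"Last Update:\s*(.+)", text).group(1)
    nxt = re.search(r"Next Update:\s*(.+)", text).group(1)
    serials = {int(s, 16) for s in re.findall(r"Serial Number:\s*([0-9A-Fa-f]+)", text)}
    return {"this_update": _ts(last), "next_update": _ts(nxt), "revoked": serials}

def check_peer(serial, crl, now, strict=False):
    """Return (accept, reason). `strict` is a hypothetical policy switch."""
    if serial in crl["revoked"]:
        return False, "revoked"             # listed serial: rejected under either policy
    if now > crl["next_update"]:
        if strict:
            return False, "crl-overdue"     # fail closed: revocation data is stale
        return True, "crl-overdue-warning"  # fail open: log a warning and accept
    return True, "good"

if __name__ == "__main__":
    crl = parse_crl_text(SAMPLE_CRL_TEXT)
    now = datetime(2003, 10, 24, 5, 37, tzinfo=timezone.utc)  # after Next Update
    for serial in (3, 5):
        for strict in (False, True):
            print(serial, strict, check_peer(serial, crl, now, strict))
```

With the lenient policy an overdue CRL produces only a warning for an unlisted certificate, while a listed serial is rejected whether or not the CRL is current.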
