Hosting Provided By

Re: [Users] crp.pem regen and x509

From: Andreas Steffen <andreas.steffen(at)strongsec.net>
Date: Tue Mar 16 2004 - 15:27:35 EST

Jason C. Leach wrote:

> hi,
>
> Each time I create a new user/client certificate do I need to update

no, as I have already written, you don't have to update neither the certificate revocation list (CRL) nor the CA certificate (cacert.pem).

> What is crl.pem? Do I need to re-generate it after every client

A crl has a limited validity (nextUpdate parameter). Therefore it must be updated periodically. A CRL contains a signed list with the serial numbers of revoked certificates.

Regards

Andreas

Do you need help?

> Thanks,
> Jason.

P.S. Your mail server does not accept emails from IP addresses that

      belong to dynamic IP ranges. So unfortunately you won't be able
      to read my reply directly.

=======================================================================
Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   
http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64

CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65

==========================================[strong internet security]===
_______________________________________________

FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr Received on Tue Mar 16 15:36:47 2004

This message: [ Message body ]
Next message: Erich Titl: "Re: [Users] ipsec wildcard does not get a suitable connection"
Previous message: Andreas Steffen: "Re: [Users] ipsec.conf + freeswan"
In reply to Jason C. Leach: "[Users] crp.pem regen and x509"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:02:20 EDT