Ping a Specific Port

Question

Evan Carroll

Asked: 2013-08-10 01:41:35 +0800 CST2013-08-10 01:41:35 +0800 CST 2013-08-10 01:41:35 +0800 CST

StrongSwan outputs in log "certificate status is not available"

772

Wha does the warning certificate status is not available in charon.log mean?

16[CFG] certificate status is not available
16[CFG]   reached self-signed root ca with a path length of 0

Everything works, I just want to understand what it means.

1 Answers

Voted

ecdsa · Answer 1 · 2013-08-10T05:54:26+08:00

Best Answer

ecdsa

2013-08-10T05:54:26+08:002013-08-10T05:54:26+08:00

It means that strongSwan was not able to verify the status of the certificate with either a Certificate Revocation List (CRL) or via the Online Certificate Status Protocol (OCSP). Both methods can be used to revoke previously issued certificates. If strictcrlpolicy in ipsec.conf is set to yes or ifuri strongSwan will only accept certificates if the status has been verified, the default is no so you will just get this log message.

If you want to use one or both of these methods you have to create a CRL or setup an OCSP server and then either configure the CRL or OCSP URIs in a ca section in ipsec.conf, or make sure your certificates contain the URIs in CRL Distribution Point or Authority Information Access X.509 extensions. For smaller setups this is usually not required, though.

7

StrongSwan outputs in log "certificate status is not available"

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?