- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Capsule VPN - Fallback to CRL after OCSP is unsucc...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Capsule VPN - Fallback to CRL after OCSP is unsuccessful
Hello,
we have problems using Capsule VPN and our new certificates.
According sk179434 the SecGateway will check the CRL when OCSP is not available. We have a OSCP URL defined but it's not active at the moment. Issue is now that we do not see the Fallback. Gateway Version is R81.10 JHF T55.
Do I misunderstand the sk179434?
I also tried to deactivate the validation of the CA but that seems to be ignored.
Any idea anyone?
KR
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you also reviewed sk21156 (in full) as a workaround?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checked now SK21156.
It is in a very confusing layout and I cannot find new information.
I already disabled "Retrieve CRL From -> LDAP Servers and HTTP Servers" for the new CA Object.
Pushed the policy and also changed some settings in the VPN section so that the service also reloads.
I assume TAC is needed.
KR
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Late response but the OSCP failback does not work R81.10 ikev2 jumbo 79 and below. TAC adding fix for Ikev2 and say Ikev1 not affected
If the OCSP fails to connect the Auth fails. Fix for sk179434 is available from TAC if not yet in Jumbo.