Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
D_W
Advisor

Capsule VPN - Fallback to CRL after OCSP is unsuccessful

Hello,

we have problems using Capsule VPN and our new certificates.

According sk179434  the SecGateway will check the CRL when OCSP is not available. We have a OSCP URL defined but it's not active at the moment. Issue is now that we do not see the Fallback. Gateway Version is R81.10 JHF T55.

Do I misunderstand the sk179434?

grafik.png

I also tried to deactivate the validation of the CA but that seems to be ignored.

grafik.png

 

Any idea anyone?

 

KR
David

 

0 Kudos
3 Replies
Chris_Atkinson
Employee Employee
Employee

Have you also reviewed sk21156 (in full) as a workaround?

CCSM R77/R80/ELITE
0 Kudos
(1)
D_W
Advisor

Checked now SK21156.

It is in a very confusing layout and I cannot find new information.

I already disabled "Retrieve CRL From -> LDAP Servers and HTTP Servers" for the new CA Object.
Pushed the policy and also changed some settings in the VPN section so that the service also reloads.
I assume TAC is needed.

KR
David

0 Kudos
spottex
Contributor

Late response but the OSCP failback does not work R81.10 ikev2 jumbo 79 and below. TAC adding fix for Ikev2 and say Ikev1 not affected
If the OCSP fails to connect the Auth fails. Fix for sk179434 is available from TAC if not yet in Jumbo.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events