Disable OCSP check for subCA certificates #2176
-
If you configure the OCSP URI for the root CA (which is what
-
Thanks @tobiasbrunner. As suggested, we configured the OCSP URI for the subCA certificate,
but we could still observe OCSP check logs for the subCA.
Logs
-
Thanks @tobiasbrunner. If we don't have the subCA certificate beforehand, how can we prevent the OCSP check of the subCA certificate?
-
Since our peer certificate is lacking an OCSP URL in its certificate extension, we have configured OCSP URI in the authorities section.
And below are the configuration files.
strongswan.conf
swanctl.conf
revocation = ifuri is configured
We performed swanctl --load-authorities, swanctl --load-conns and swanctl --initiate --child home3-child.
We are observing that an OCSP check is being done for the subCA, i.e. checking certificate status of "C=US, O=, OU=, CN=<Sub-CA 3>".
How can we disable the OCSP check for the subCA?
Logs