modified description.txt and evaltest.dat
This commit is contained in:
parent
1e93d77153
commit
b1894cdd92
|
@ -1,7 +1,7 @@
|
|||
By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on
|
||||
both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status
|
||||
is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer certificate
|
||||
issued by the strongSwan CA. This certificate contains an <b>OCSPSigner</b>
|
||||
issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b>
|
||||
extended key usage flag. A strongswan <b>ca</b> section in ipsec.conf defines an
|
||||
<b>OCSP URI</b> pointing to <b>winnetou</b>.
|
||||
<p>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
|
||||
moon::cat /var/log/daemon.log::received valid http response::YES
|
||||
moon::cat /var/log/daemon.log::certificate was revoked::YES
|
||||
moon::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
|
||||
moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
|
||||
carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
|
||||
moon::ipsec status::rw.*ESTABLISHED::NO
|
||||
carol::ipsec status::home.*ESTABLISHED::NO
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on
|
||||
both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status
|
||||
is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer certificate
|
||||
issued by the strongSwan CA. This certificate contains an <b>OCSPSigner</b>
|
||||
issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b>
|
||||
extended key usage flag. <b>carol</b>'s certificate includes an <b>OCSP URI</b>
|
||||
in an authority information access extension pointing to <b>winnetou</b>.
|
||||
Therefore no special ca section information is needed in ipsec.conf.
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
|
||||
carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
|
||||
moon::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
|
||||
carol::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
|
||||
moon::cat /var/log/daemon.log::received valid http response::YES
|
||||
carol::cat /var/log/daemon.log::received valid http response::YES
|
||||
moon::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
|
||||
carol::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
|
||||
moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
|
||||
carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
|
||||
moon::cat /var/log/daemon.log::certificate is good::YES
|
||||
carol::cat /var/log/daemon.log::certificate is good::YES
|
||||
moon::ipsec status::rw.*ESTABLISHED::YES
|
||||
|
|
Loading…
Reference in New Issue