Re: [Users] Remove trust roadwarrior from CA

From: Cord Kielhorn (kielhorn_at_openit.de)
Date: Fri Sep 27 2002 - 23:39:17 CEST


Hi Dominik,

>>>>> "DB" == Dominik Brosch <Dominik.Brosch_at_alps-europe.com> writes:

DB> I am searching for a possibility to remove a roadwarrior
DB> from my box. I consider that it has to be possible to remove a
DB> client from CA before his key is expired. Is this OK, or do I
DB> trust a client for every time, after providing key-files to him?

This depends on the version of the X.509 patch and the configuration
method you used: If you have a conn section of his own for every RW,
simply remove the conn section of the RW you don't trust any more. If
you use a single conn section for several RWs, thus allowing them to
connect by simply providing a cert which is signed by your CA, put the
no longer trusted RW on the CRL (Certificate Revocation List). It's all
explained in the X.509 patch documentation.

Hth
  Cord

-- 
Cord Kielhorn,      OpenIT GmbH, Jahnstraße 18, 40215 Düsseldorf, Germany
Tel +49 211 239 577-0,    Fax +49 211 239 577-10,    http://www.OpenIT.de
OpenPGP key: 1024D/319B3E52 2000-05-15 Cord Kielhorn <kielhorn_at_OpenIT.de>
fingerprint:           0F56 C938 5CAF AC5D 126B  7B20 643C 671E 319B 3E52
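
The CRL route described in the reply, as an added example that is not part of the original message or of the X.509 patch documentation: it builds a throwaway CA with the openssl command line, revokes one roadwarrior certificate, and shows that the certificate is rejected only by a verifier that checks the regenerated CRL. All names (Demo CA, roadwarrior1, the file names) are constructed; how the gateway itself loads the CRL is left to the patch documentation the reply points to.

```shell
#!/usr/bin/env bash
# Added example: throwaway CA in a temp dir; every name and file is constructed.
revocation_demo() {
  local d rc
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    mkdir newcerts; : > index.txt; echo 01 > serial
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
unique_subject = no
policy = pol
[ pol ]
commonName = supplied
EOF
    # Verify the roadwarrior cert; extra arguments switch CRL checking on.
    check() { openssl verify "$@" -CAfile ca.pem rw.pem >/dev/null 2>&1 && echo accepted || echo rejected; }
    {
      openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
        -keyout ca.key -out ca.pem -subj "/CN=Demo CA" -days 30
      openssl req -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout rw.key -out rw.csr -subj "/CN=roadwarrior1"
      openssl ca -batch -config ca.cnf -in rw.csr -out rw.pem
      openssl ca -config ca.cnf -gencrl -out crl.pem      # CRL with no entries yet
    } >/dev/null 2>&1 || exit 1
    before=$(check -crl_check -CRLfile crl.pem)
    openssl ca -config ca.cnf -revoke rw.pem >/dev/null 2>&1 || exit 1
    openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1 || exit 1
    echo "before=$before after=$(check -crl_check -CRLfile crl.pem) no_crl=$(check)"
  ); rc=$?
  rm -rf "$d"; return "$rc"
}
revocation_demo
```

The `no_crl` result is the case to watch for: revoking in the CA database changes nothing for a verifier that has not been given the regenerated CRL.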