EAP-TLS - CRL Checking - Expired?

To: freeradius-users@lists.freeradius.org
Subject: EAP-TLS - CRL Checking - Expired?
From: "Stephen Bowman" <stephenbb@gmail.com>
Date: Mon, 6 Nov 2006 15:53:56 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=ge5g3bh2e2/zin7BT13funsLsaI5ZwS5c04NTwi14AgRVtb1jwssz0Dq2Z6fBV77y49lBAY+A2IgZnpZT4TfQRbJEGuJkiQ2hEQRY+/x7SxMo1XklBZwNf79aSV/02BhdLBSv0jsZvzGkAg/Ailv3QiEyBFAmmItXXyXwFz3ojc=
Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>

We're using FreeRadius as the EAP server in a wireless environment. All clients have smart cards, so as such we're using EAP-TLS. My question is in relation to CRL checking. I currently download CRLs nightly, but over the weekend it looks like perhaps the CRL download failed as nobody could connect, and in the logs is a series of errors like:

Error: --> verify error:num=12:CRL has expired

What determines the expire time of a CRL?

I noticed that within the CRL there is a Next Update field.. is this what it uses?

Follow-Ups:
- Re: EAP-TLS - CRL Checking - Expired?
  - From: "Alan DeKok" <aland@deployingradius.com>
- Re: EAP-TLS - CRL Checking - Expired?
  - From: Benjamin Bennett <ben@psc.edu>

Previous by Date: Failed to link EAP type EAP/TLS
Next by Date: Re: FreeRadius seems to be working, but not getting it to respond
Previous by Thread: Re: EAP-AKA support?
Next by Thread: Re: EAP-TLS - CRL Checking - Expired?
Freeradius-Users November 2006 archives indexes sorted by: [ thread ] [ subject ] [ author ] [ date ]
Freeradius-Users list archive Table of Contents
More information about the Freeradius-Users mailing list

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.