strongSwan KVM Tests / ikev2 / ocsp-root-cert
Test ikev2/ocsp-root-cert
Description
By setting revocation = strict, a strict CRL policy is enforced on both roadwarrior carol and gateway moon. The online certificate status is checked via the OCSP server winnetou which uses the strongSwan CA's private key to sign OCSP responses. carol can successfully initiate an IPsec connection to moon since the status of both certificates is good.