strongSwan KVM Tests / ikev2 / ocsp-untrusted-cert
Test ikev2/ocsp-untrusted-cert
Description
By setting revocation = strict, a strict CRL policy is enforced on both roadwarrior carol and gateway moon. The online certificate status is checked via the OCSP server winnetou which is sending its self-signed OCSP signer certificate. carol cannot successfully initiate an IPsec connection to moon since the self-signed certificate contained in the OCSP response will not be accepted by moon.