Hi,
I have a FortiGate using OS v5.2.8 and a Windows Server 2012 R2 with certificate services installed + OCSP is running.
When I create a PKI user the certificate is checked online during the SSLVPN connection start:
2016-08-14 20:46:50 fnbamd_fsm.c[2146] handle_req-Rcvd auth_cert req id=869183948
2016-08-14 20:46:50 fnbamd_auth.c[1308] check_cert-CA found: CA_Cert_3
2016-08-14 20:46:50 fnbamd_auth.c[1617] cert_check_group_list-checking group type 1 group name 'SSL_PKI'
2016-08-14 20:46:50 fnbamd_auth.c[1510] check_add_peer-check peer user 'ituser1' in group 'SSL_PKI', result is 0
2016-08-14 20:46:50 fnbamd_auth.c[1642] cert_check_group_list-Status pending for group 'SSL_PKI'
2016-08-14 20:46:50 fnbamd_cert.c[354] fnbamd_ocsp_start-Created OCSP request
2016-08-14 20:46:50 fnbamd_cert.c[114] ocsp_connect-Try url 1: host=dc1.gts.cz port=80(http) path=/ocsp
2016-08-14 20:46:50 fnbamd_cert.c[492] _fnbamd_ocsp_get_rsp-tcp connected
2016-08-14 20:46:50 fnbamd_cert.c[523] _fnbamd_ocsp_get_rsp-Sent OCSP request
2016-08-14 20:46:50 fnbamd_cert.c[537] _fnbamd_ocsp_get_rsp-recv returned: 2134
2016-08-14 20:46:50 fnbamd_cert.c[537] _fnbamd_ocsp_get_rsp-recv returned: 0
2016-08-14 20:46:50 fnbamd_cert.c[596] _fnbamd_ocsp_get_rsp-Received OCSP response
2016-08-14 20:46:50 fnbamd_cert.c[328] ocsp_verify_rsp-*** Certificate status is good
2016-08-14 20:46:50 fnbamd_comm.c[169] fnbamd_comm_send_result-Sending result 0 for req 869183948
When I try to use a user other than a PKI user (let's say an LDAP user), the revocation list is not checked:
2016-08-14 20:48:35 fnbamd_fsm.c[2146] handle_req-Rcvd auth_cert req id=869183949
2016-08-14 20:48:35 fnbamd_auth.c[1308] check_cert-CA found: CA_Cert_3
2016-08-14 20:48:35 fnbamd_auth.c[1608] cert_check_group_list-group list is null
2016-08-14 20:48:35 fnbamd_comm.c[169] fnbamd_comm_send_result-Sending result 0 for req 869183949
Does it mean that only the PKI user certificates can be checked for revocation via OCSP? Or are some other settings missing?
AtiT
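Added example, not part of the original post and not Fortinet code: a small Python check that walks fnbamd debug output like the two traces above and flags every auth_cert request that was answered with result 0 without any OCSP status line in between. It assumes result 0 means the certificate was accepted (as in the first trace) and that traces of different requests are not interleaved; the sample input is abridged from the post.

```python
import re

# Sample input: the two fnbamd traces from the post, abridged, one entry per line.
SAMPLE = """\
2016-08-14 20:46:50 fnbamd_fsm.c[2146] handle_req-Rcvd auth_cert req id=869183948
2016-08-14 20:46:50 fnbamd_auth.c[1308] check_cert-CA found: CA_Cert_3
2016-08-14 20:46:50 fnbamd_cert.c[354] fnbamd_ocsp_start-Created OCSP request
2016-08-14 20:46:50 fnbamd_cert.c[328] ocsp_verify_rsp-*** Certificate status is good
2016-08-14 20:46:50 fnbamd_comm.c[169] fnbamd_comm_send_result-Sending result 0 for req 869183948
2016-08-14 20:48:35 fnbamd_fsm.c[2146] handle_req-Rcvd auth_cert req id=869183949
2016-08-14 20:48:35 fnbamd_auth.c[1308] check_cert-CA found: CA_Cert_3
2016-08-14 20:48:35 fnbamd_auth.c[1608] cert_check_group_list-group list is null
2016-08-14 20:48:35 fnbamd_comm.c[169] fnbamd_comm_send_result-Sending result 0 for req 869183949
"""

START = re.compile(r"handle_req-Rcvd auth_cert req id=(\d+)")
END = re.compile(r"fnbamd_comm_send_result-Sending result (-?\d+) for req (\d+)")
OCSP_SENT = "fnbamd_ocsp_start-Created OCSP request"
OCSP_STATUS = re.compile(r"ocsp_verify_rsp-\*\*\* Certificate status is (\w+)")

def audit(log_text):
    """Return one dict per auth_cert request with its result and OCSP outcome."""
    findings, current = [], None
    for line in log_text.splitlines():
        m = START.search(line)
        if m:  # a new certificate-auth request begins
            current = {"req": m.group(1), "ocsp_sent": False, "ocsp_status": None}
            continue
        if current is None:
            continue
        if OCSP_SENT in line:
            current["ocsp_sent"] = True
        m = OCSP_STATUS.search(line)
        if m:
            current["ocsp_status"] = m.group(1)
        m = END.search(line)
        if m and m.group(2) == current["req"]:
            current["result"] = int(m.group(1))
            # Assumption: result 0 = accepted. Flag accepts with no OCSP verdict.
            current["unchecked_accept"] = current["result"] == 0 and current["ocsp_status"] is None
            findings.append(current)
            current = None
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, request 869183948 is reported with OCSP status "good", while request 869183949 is flagged as accepted without a revocation check.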