Certificate revocation issue when using intermediate CA
Hi.
I have a problem with certificate revocation when we use an intermediate CA.
Our VPN configuration: pfSense version - 2-4-4-RELEASE-p2
CAs: Imported external Root CA (self-signed).
Internally created two intermediate CAs (CA1 and CA2) signed by RootCA.
OpenVPN instance parameters:
Server mode - Remote Access (SSL/TLS + User auth)
Server certificate - certificate of CA1 was selected
Peer Certificate Authority - CA2 was selected
Peer Certificate Revocation list - CRL of CA2 was selected
Certificate Depth - TWO (client+intermediate+server)
Our problem is: a client can connect to the VPN without any problem even when his certificate has been revoked. (The OpenVPN instance was restarted so that the change takes effect immediately.)
Any ideas how we can resolve this problem?
I would be glad of any hint.