Hello,
In deploying EAP-TLS with OCSP checking with ClearPass as the RADIUS server in our enterprise, we see the following warnings in our logs:
WARN RadiusServer.Radius - Error: Couldn't verify OCSP basic response, status 0, trying with OCSP_TRUSTOTHER flag
WARN RadiusServer.Radius - Error: Couldn't verify OCSP basic response, status 0, trying with OCSP_NOCHECKS flag
WARN RadiusServer.Radius - Error: Couldn't verify OCSP basic response, status 0, trying with OCSP_NOVERIFY
INFO RadiusServer.Radius - chain-depth=0,
INFO RadiusServer.Radius - error=3
INFO RadiusServer.Radius - --> User-Name = tim.haynie
INFO RadiusServer.Radius - --> subject = /CN=tim.haynie
INFO RadiusServer.Radius - --> issuer = /DC=com/DC=<redacted>
INFO RadiusServer.Radius - --> verify return:1
Based on "verify return:1" it appears to still be checking our OCSP server and getting back a response on returning whether or not the cert is valid, but we want to understand the meaning of the warnings in the log. Any insight is appreciated.
ClearPass is NOT the CA, neither root nor intermediate, for the user certs.
Thanks,
Tim