Hello,
I'm trying to setup my controller to check certificate revocation from newly created Windows CA via OCSP. As I undestand controller is acting as a OCSP Client. I use revocation checking to check user sertificates for VIA users. OCSP server should be up and running. I'm using Microsoft recommended OCSPResponceSigning -certificate template to enroll for response signing sertificate on the CA server.
When revocation chencing takes place process log shows error message "certmgr[1620]: <118004> <ERRS> |certmgr| OCSP response verification failed."
What can cause this?
Other thing that I don't undertand in Revocation CheckPoing configuration is the "OCSP Responder Cert" that must be definet for a Revocation CheckPoint per CA. Documentation does not explain what this sertificate should be. I have tried to put many different certificates there (controllers server cert, CAs OCSP signing cert and CA cert) but I always get error message described above.
I'm running AOS version 6.4.2.0