Occasional Contributor II

OCSP response verification failed



I'm trying to set up my controller to check certificate revocation from a newly created Windows CA via OCSP. As I understand it, the controller is acting as an OCSP client. I use revocation checking to check user certificates for VIA users. The OCSP server should be up and running. I'm using the Microsoft-recommended OCSPResponseSigning certificate template to enroll for a response signing certificate on the CA server.


When revocation checking takes place, the process log shows the error message "certmgr[1620]: <118004> <ERRS> |certmgr| OCSP response verification failed."


What can cause this?


Another thing that I don't understand in the Revocation CheckPoint configuration is the "OCSP Responder Cert" that must be defined for a Revocation CheckPoint per CA. The documentation does not explain what this certificate should be. I have tried to put many different certificates there (the controller's server cert, the CA's OCSP signing cert and the CA cert) but I always get the error message described above.


I'm running AOS version

Occasional Contributor II

Re: OCSP response verification failed

It seems that this was an issue with the OCSP responder. I enabled NONCE extension. This did the trick. OCSP is now working. I think NONCE requirement should be mentioned in the documentation.
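As an added example (not part of the original posts, and not Aruba's or Microsoft's code): a minimal OCSP client check, assuming a client that sends a nonce and rejects any response that does not echo it, which is the behaviour the fix above suggests. It uses the Python `cryptography` package; the CA, the certificate names and the `respond`/`client_accepts` helpers are constructed for illustration, and the CA signs the response directly rather than through a delegated signing certificate.

```python
import datetime, os
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2024, 1, 1)  # fixed, constructed timestamp for the demo

def make_cert(cn, key, issuer_cn, issuer_key, serial):
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    return (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key()).serial_number(serial)
            .not_valid_before(NOW).not_valid_after(NOW + datetime.timedelta(days=3650))
            .sign(issuer_key, hashes.SHA256()))

def respond(req, cert, ca_cert, ca_key, echo_nonce):
    # Simulated responder: status "good", optionally echoing the request nonce.
    b = (ocsp.OCSPResponseBuilder()
         .add_response(cert=cert, issuer=ca_cert, algorithm=hashes.SHA256(),
                       cert_status=ocsp.OCSPCertStatus.GOOD, this_update=NOW,
                       next_update=NOW + datetime.timedelta(days=1),
                       revocation_time=None, revocation_reason=None)
         .responder_id(ocsp.OCSPResponderEncoding.HASH, ca_cert))
    if echo_nonce:
        nonce = req.extensions.get_extension_for_class(x509.OCSPNonce).value
        b = b.add_extension(nonce, critical=False)
    return b.sign(ca_key, hashes.SHA256())

def client_accepts(req, resp, signer_cert):
    # Strict client: valid signature AND the nonce we sent must come back.
    if resp.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        return False
    signer_cert.public_key().verify(resp.signature, resp.tbs_response_bytes,
                                    ec.ECDSA(resp.signature_hash_algorithm))
    sent = req.extensions.get_extension_for_class(x509.OCSPNonce).value.nonce
    try:
        got = resp.extensions.get_extension_for_class(x509.OCSPNonce).value.nonce
    except x509.ExtensionNotFound:
        return False  # responder did not return a nonce: reject
    return got == sent

def demo():
    # Constructed throwaway CA and user certificate (hypothetical names).
    ca_key, ee_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    ca = make_cert("Demo CA", ca_key, "Demo CA", ca_key, 1)
    ee = make_cert("via-user", ee_key, "Demo CA", ca_key, 2)
    req = (ocsp.OCSPRequestBuilder().add_certificate(ee, ca, hashes.SHA256())
           .add_extension(x509.OCSPNonce(os.urandom(16)), critical=False).build())
    return {echo: client_accepts(req, respond(req, ee, ca, ca_key, echo), ca)
            for echo in (False, True)}
```

`demo()` returns the client's verdict for a responder without and with nonce support; the response signature is valid in both cases, so only the missing nonce causes the rejection.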
