Replies: 2 comments 3 replies
-
|
CA certificates have to be installed, as "External CA". See CA->Import CA |
Beta Was this translation helpful? Give feedback.
-
|
It's a CA created from EJBCA so I can't import it : "Already exists” |
Beta Was this translation helpful? Give feedback.
-
|
Hmm, what version of EJBCA is this? |
Beta Was this translation helpful? Give feedback.
-
|
9.0.0 |
Beta Was this translation helpful? Give feedback.
-
|
Finally, I realize that the OCSP works fine even if this error is present |
Beta Was this translation helpful? Give feedback.
-
Hello,
I'm trying to configure the OCSP responder part.
I have created an OCSP Responder, downloaded its certificate, signed it and then imported it.
However, when I look at the logs, I see these two errors:
2025-01-21 11:24:32,794+0100 WARN [org.ejbca.core.ejb.ocsp.OcspResponseGeneratorSessionBean] (EJB default - 1) Unable to build certificate chain for OCSP signing certificate with Subject DN 'CN=XXXX_OCSP_EXTPKI,O=XXXX,C=FR'. CA with Subject DN 'CN=PKI-EXT-XXXX_RootCA,O=XXXX,C=FR' is missing in the database.2025-01-21 11:24:32,794+0100 WARN [org.ejbca.core.ejb.ocsp.OcspResponseGeneratorSessionBean] (EJB default - 1) OcspKeyBinding XXXX_OCSP_EXTPKI ( 1313114862) has a signing certificate, but no chain and will be ignored.Can you tell me how to resolve these errors?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions