On Mon, Jul 25, 2016 at 05:23:31PM -0500, Anthony Joseph Messina wrote: > After upgrading to FreeIPA 4.3.1, I am getting "Error querying OCSP > responder" > with the following command. I can confirm certificate with serial 0x14 is > present in the system and is not expired/revoked, etc. I'm a bit nervous > about the "OCSPServlet: Could not locate issuing CA" in the Dogtag output > below. > > # /usr/bin/openssl ocsp \ > -issuer /etc/ipa/ca.crt \ > -nonce \ > -CAfile /etc/ipa/ca.crt \ > -url "http://ipa-ca.example.com/ca/ocsp"; \ > -serial 0x14 > > # rpm -q freeipa-server pki-server > freeipa-server-4.3.1-1.fc24.x86_64 > pki-server-10.3.3-1.fc24.noarch > Hi Anthony,
I wrote this code and I think I know what the issue is. Could you please execute `pki-server db-upgrade -v` as root, then try the OCSP request again? If it works, happy day for you, and for me too because it confirms the issue which I must fix :) Thanks, Fraser -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
