On Mon, Jul 25, 2016 at 05:23:31PM -0500, Anthony Joseph Messina wrote:
> After upgrading to FreeIPA 4.3.1, I am getting "Error querying OCSP 
> responder" 
> with the following command.  I can confirm certificate with serial 0x14 is 
> present in the system and is not expired/revoked, etc.  I'm a bit nervous 
> about the "OCSPServlet: Could not locate issuing CA" in the Dogtag output 
> below.
> 
> # /usr/bin/openssl ocsp \
>   -issuer /etc/ipa/ca.crt \
>   -nonce \
>   -CAfile /etc/ipa/ca.crt \
>   -url "http://ipa-ca.example.com/ca/ocsp"; \
>   -serial 0x14
> 
> # rpm -q freeipa-server pki-server
> freeipa-server-4.3.1-1.fc24.x86_64
> pki-server-10.3.3-1.fc24.noarch
> 
Hi Anthony,

I wrote this code and I think I know what the issue is.  Could you
please execute `pki-server db-upgrade -v` as root, then try the OCSP
request again?

If it works, happy day for you, and for me too because it confirms
the issue which I must fix :)

Thanks,
Fraser

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to