CaC Test OCSP AIA failing - Unable to Build Certificate Path

book

Article ID: 222206

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction


I am trying to configure CAC and when I enter Enable CAC, enter the Trusted Keystore password, and click Enable OCSP AIA, and then I "Test OCSP AIA",
   I get a message at the top of the page that says:

"Test Failed: Unable to Build Certificate Path"

"Test Failed: OCSP Server test failed."


 



We have two test Application servers, running the same software in the same network with the same configuration and they can still connect to the OCSP server without a problem.

 

Cause


The client side certificate was not present for OneClick to process and find the OCSP Server from.

Environment

Release : 20.x , 21.2.x

Component : Spectrum OneClick

Resolution


The tomcat HTTPS connector did not have the clientAuth setting set to true. This setting when true requires a client side
    certificate when connecting to OneClick. In this instance, as this was set to false the certificate was not present for the
    OCSP AIA test to succeed.

 - Set clientAuth="true" 
 - Restart OneClick tomcat
 - Reconnect to OneClick and Configure CaC

$SPECROOT/tomcat/conf/server.xml

 

 

Attachments