CAC Test OCSP AIA failing - Unable to Build Certificate Path

Article ID: 222206

Products

CA Spectrum DX NetOps

Issue/Introduction


I am trying to configure CAC, and when I enter Enable CAC, enter the Trusted Keystore password, click Enable OCSP AIA, and then click "Test OCSP AIA", I get a message at the top of the page that says:

"Test Failed: Unable to Build Certificate Path"

"Test Failed: OCSP Server test failed."


 



We have two test Application servers, running the same software in the same network with the same configuration and they can still connect to the OCSP server without a problem.

 

Environment

Release : 20.2, 21.2, 23.3

Cause


OneClick did not receive a client-side certificate, so it had no certificate from which to find the OCSP server.

Resolution


The Tomcat HTTPS connector did not have the clientAuth setting set to true. When true, this setting requires a client-side certificate when connecting to OneClick. In this instance it was set to false, so no certificate was present and the OCSP AIA test could not succeed.

 - Set clientAuth="true"
 - Restart OneClick tomcat
 - Reconnect to OneClick and configure CAC

File: $SPECROOT/tomcat/conf/server.xml
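
One way to confirm the setting before restarting is to parse server.xml and report every HTTPS connector whose clientAuth is not "true". This is an added example, not Broadcom's code; the embedded server.xml, its port numbers and the function names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real OneClick install.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false"/>
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="true"/>
    <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
  </Service>
</Server>
"""

def is_https(conn):
    """A connector counts as HTTPS if TLS is enabled or its scheme is https."""
    return (conn.get("SSLEnabled", "").lower() == "true"
            or conn.get("scheme", "").lower() == "https")

def audit_connectors(xml_data):
    """Return (port, clientAuth value, ok) for each HTTPS connector."""
    root = ET.fromstring(xml_data)
    results = []
    for conn in root.iter("Connector"):
        if not is_https(conn):
            continue
        # A missing clientAuth attribute defaults to false in Tomcat.
        # "want" only requests a certificate, so only "true" passes here.
        value = conn.get("clientAuth", "false").strip().lower()
        results.append((conn.get("port", "?"), value, value == "true"))
    return results

def main(argv):
    """Audit the file given as argv[1], or the constructed sample."""
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_SERVER_XML
    findings = audit_connectors(data)
    for port, value, ok in findings:
        status = "OK" if ok else 'FIX: set clientAuth="true"'
        print(f"HTTPS connector port {port}: clientAuth={value} -> {status}")
    return 0 if findings and all(ok for _, _, ok in findings) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to server.xml as the only argument; a non-zero exit status means at least one HTTPS connector does not require a client certificate, or no HTTPS connector was found.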