search cancel

CAC Test OCSP AIA failing - Unable to Build Certificate Path


Article ID: 222206


Updated On:


CA Spectrum DX NetOps


I am trying to configure CAC and when I enter Enable CAC, enter the Trusted Keystore password, and click Enable OCSP AIA, and then I "Test OCSP AIA",
   I get a message at the top of the page that says:

"Test Failed: Unable to Build Certificate Path"

"Test Failed: OCSP Server test failed."


We have two test Application servers, running the same software in the same network with the same configuration and they can still connect to the OCSP server without a problem.



The client side certificate was not present for OneClick to process and find the OCSP Server from.


Release : 20.x , 21.2.x


The tomcat HTTPS connector did not have the clientAuth setting set to true. This setting when true requires a client side
    certificate when connecting to OneClick. In this instance, as this was set to false the certificate was not present for the
    OCSP AIA test to succeed.

 - Set clientAuth="true" 
 - Restart OneClick tomcat
 - Reconnect to OneClick and Configure CaC