My VA server has the CertificateData table constantly synced with my CA. I have imported all the active CA certs on my CA into my VA as external CAs.
Yet in the server.log i constantly see: No CertificateData found with fingerprint 049a1b0baf74aea8a811f24c8d72dba59a4e029b for 'CN=SUBCAOCSP' issued by 'CN=SUBCA'.
Yet if i Query the ejbca.CertificateData table on my VA:
+------------------------------------------+
9 rows in set (0.000 sec)
The fingerprint IS there. All of the certs exist in the database. This makes it so that when i make an ocsp request i get :
Unable to build certificate chain for OCSP signing certificate with Subject DN 'CN=Responder'. CA with Subject DN 'CN=SUBCAOCSP' is missing in the database.
However it DOES exist in the database. Im confused.
Last edit: Maxwell Chandler 2024-02-13
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
My VA server has the CertificateData table constantly synced with my CA. I have imported all the active CA certs on my CA into my VA as external CAs.
Yet in the server.log i constantly see: No CertificateData found with fingerprint 049a1b0baf74aea8a811f24c8d72dba59a4e029b for 'CN=SUBCAOCSP' issued by 'CN=SUBCA'.
Yet if i Query the ejbca.CertificateData table on my VA:
MariaDB [ejbca]> select fingerprint from CertificateData;
+------------------------------------------+
| fingerprint |
+------------------------------------------+
| 049a1b0baf74aea8a811f24c8d72dba59a4e029b |
+------------------------------------------+
9 rows in set (0.000 sec)
The fingerprint IS there. All of the certs exist in the database. This makes it so that when i make an ocsp request i get :
Unable to build certificate chain for OCSP signing certificate with Subject DN 'CN=Responder'. CA with Subject DN 'CN=SUBCAOCSP' is missing in the database.
However it DOES exist in the database. Im confused.
Last edit: Maxwell Chandler 2024-02-13