[Ejbca-develop] stand-alone OCSP responder => unauthorized(6)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

HI!

Hmm, I've setup an stand-alone OCSP responder and imported CA cert, initialized
OCSPKeyBinding etc. all with latest SVN revision.

Table certificatedata is populated by the publisher with CA and EE certs.

The adminweb shows the CA and I've added external CDPs.

Table base64certdata is empty but column certificatedata.base64cert is
populated.

But still something's missing in the DB.

The server.log says (tweaked names and IP address):

17:23:55,603 INFO 
[org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean]
(http--0.0.0.0-8080-1) Received OCSP request for certificate with serNo:
11542cac9598dd7a, and issuerNameHash: 8be9abc6e3e5996ae51628169d52f9fcac10a272.
Client ip 42.23.42.23.

17:23:55,626 ERROR
[org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean]
(http--0.0.0.0-8080-1) Unable to find CA certificate by issuer name hash:
8be9abc6e3e5996ae51628169d52f9fcac10a272, or even the default responder:
CN=ocsp-server-ca-vm-ejbca-ocsp-01,OU=PKI Operation,O=ACME Corp.,C=DE.

17:27:01,105 INFO 
[org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean]
(http--0.0.0.0-8080-1) Received OCSP request for certificate with serNo:
11542cac9598dd7a, and issuerNameHash: 8be9abc6e3e5996ae51628169d52f9fcac10a272.
Client ip 42.23.42.23.

17:27:01,121 ERROR
[org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean]
(http--0.0.0.0-8080-1) Unable to find CA certificate by issuer name hash:
8be9abc6e3e5996ae51628169d52f9fcac10a272, or even the default responder:
CN=ocsp-server-ca-vm-ejbca-ocsp-01,OU=PKI Operation,O=ACME Corp.,C=DE.

Where to look in the DB what's missing?
How's the DB lookup done for issuer name/key hash?

Ciao, Michael.