Dear,

I have a Root CA and an Issue CA in my network. The Issue CA is signed by the Root CA. Both of these CAs are installed on CentOS 7 with Dogtag version 10.5. Now I am going to install the OCSP for the Issue CA. There is no OCSP for CentOS 7, so I installed the OCSP (10.8) on Fedora. I tried to connect the OCSP to the Issue CA with both the interactive and manual configuration methods. I still got an error.

The error that occurs while trying to install the OCSP:

INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ocsp/conf/CS.cfg
INFO: Checking existing SSL server cert: Server-Cert cert-pki-tomcat
INFO: Creating temp SSL server cert for ocsp.mycompany.lk
Notice: Trust flag u is set automatically if the private key is present.
INFO: Joining existing domain
INFO: Getting token for installing OCSP on ocsp.mycompany.lk

Installation failed:
com.netscape.certsrv.base.PKIException: error result

Please check the OCSP logs in /var/log/pki/pki-tomcat/ocsp.


No error is shown in the log file. If I use pkispawn, it also generates the same error.






My OCSP configuration

[DEFAULT]
pki_server_database_password=Secret.123

[OCSP]
# I used the p12 admin file from the Issue CA server
pki_admin_cert_file=/home/user/Desktop/ca_admin_cert.p12
pki_admin_email=ocspadmin@example.com
pki_admin_name=ocspadmin
pki_admin_nickname=ocspadmin
pki_admin_password=Secret.123
pki_admin_uid=ocspadmin

pki_client_database_password=Secret.123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret.123

pki_ds_base_dn=dc=ocsp,dc=mycompany,dc=lk
pki_ds_database=ocsp
pki_ds_password=Secret.123

pki_clone_pkcs12_password=Secret.123

pki_security_domain_name=MYDOMAIN
pki_security_domain_user=caadmin
pki_security_domain_password=Secret.123

pki_token_password=Secret.123


pki_security_domain_hostname=issueca.mycompany.lk






My Issue CA configuration.

[CA]
pki_admin_email=caadmin@example.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=Secret.123
pki_admin_uid=caadmin

pki_client_database_password=Secret.123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret.123

pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lk
pki_ds_database=ca
pki_ds_password=Secret.123

pki_security_domain_name=MYDOMAIN
pki_token_password=Secret.123

pki_external=True
pki_external_step_two=True

pki_ca_signing_csr_path=ca_signing.csr
pki_ca_signing_cert_path=ca_signing.crt