request for non recognized CA

[moodygit]

Hi,

I received from ocspd server message that server can't recognize my CA.

OCSPD server starts ok :

OpenCA OCSPD v3.1.2 - starting.
CRL matching CA cert ok [ 1 ]
INFO::CRL::1 Entries [ COMP ]
Configuration loaded and parsed
New Thread Started [4]
New Thread Started [9]
New Thread Started [7]
New Thread Started [5]
New Thread Started [3]
New Thread Started [1]
New Thread Started [8]
New Thread Started [6]
New Thread Started [2]
New Thread Started [0]

Try to run ocsp request locally
openssl ocsp -CAfile ca-chain.pem -url http://ocsp_domain:545 -resp_text -issuer comp-ca.crt -cert s-k.crt
[ocspd server bind 127.0.0.1;2560, and nginx redirect from ocsp_domain:545 to 127.0.0.1:2560 by proxypass]

Received:

Response verify OK
s-k.crt: unknown
        This Update: Oct  6 13:45:09 2017 GMT
        Next Update: Oct  6 13:50:09 2017 GMT

OCSPD debug log:

  Connection from [127.0.0.1]
  Request for certificate serial 26658
  request for non recognized CA [serial 26658]

Could you please help me?

Thanks

[opencrypto]

From what I can see, it just seems that any of the CAs that I supposed you configured in the OCSP responder is actually the one that issued the certificate you are trying to verify. Can you check that the "comp-ca.crt" is actually configured as one of the CAs that the OCSPD is responding for ?