ONTAP Mediator code check error querying ocsp responder
- Views:
- 321
- Visibility:
- Public
- Votes:
- 0
- Category:
- metrocluster
- Specialty:
- metrocluster
- Last Updated:
- 1/26/2023, 3:09:12 PM
Applies to
- MetroCluster IP
- ONTAP 9
- ONTAP Mediator version 1.5.0 and above
Issue
The OCSP query in the ONTAP Mediator code verification check fails:
[root@server1 ontap-mediator-1.5.0]# openssl ocsp -issuer csc-prod-chain-ONTAP-Mediator.pem -CAfile csc-prod-chain-ONTAP-Mediator.pem -cert csc-prod-ONTAP-Mediator.pem -url http://ocsp.entrust.net -resp_text -respout resp.der
Error querying OCSP responder
[root@server1 ontap-mediator-1.5.0]# openssl ts -verify -data ontap-mediator-1.5.0.sig -in ontap-mediator-1.5.0.sig.tsr -CAfile tsa-prod-chain-ONTAP-Mediator.pem -untrusted tsa-prod-ONTAP-Mediator.pem
Verification: FAILED
140046709598096:error:2F067065:time stamp routines:TS_CHECK_SIGNING_CERTS:ess signing certificate error:ts_rsp_verify.c:311:
[root@server1 ontap-mediator-1.5.0]# openssl ts -verify -data ontap-mediator-1.5.0 -in ontap-mediator-1.5.0.tsr -CAfile tsa-prod-chain-ONTAP-Mediator.pem -untrusted tsa-prod-ONTAP-Mediator.pem
Verification: FAILED
140074611029904:error:2F067065:time stamp routines:TS_CHECK_SIGNING_CERTS:ess signing certificate error:ts_rsp_verify.c:311: