ONTAP Mediator code check error querying ocsp responder

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 297

Visibility:: Public

Votes:: 0

Category:: metrocluster

Specialty:: metrocluster

Last Updated:

Applies to

MetroCluster IP
ONTAP 9
ONTAP Mediator version 1.5.0 and above

Issue

The OCSP query in the ONTAP Mediator code verification check fails:

[root@server1 ontap-mediator-1.5.0]# openssl ocsp -issuer csc-prod-chain-ONTAP-Mediator.pem -CAfile csc-prod-chain-ONTAP-Mediator.pem -cert csc-prod-ONTAP-Mediator.pem -url http://ocsp.entrust.net -resp_text -respout resp.der

Error querying OCSP responder

[root@server1 ontap-mediator-1.5.0]# openssl ts -verify -data ontap-mediator-1.5.0.sig -in ontap-mediator-1.5.0.sig.tsr -CAfile tsa-prod-chain-ONTAP-Mediator.pem -untrusted tsa-prod-ONTAP-Mediator.pem

Verification: FAILED

140046709598096:error:2F067065:time stamp routines:TS_CHECK_SIGNING_CERTS:ess signing certificate error:ts_rsp_verify.c:311:

[root@server1 ontap-mediator-1.5.0]# openssl ts -verify -data ontap-mediator-1.5.0 -in ontap-mediator-1.5.0.tsr -CAfile tsa-prod-chain-ONTAP-Mediator.pem -untrusted tsa-prod-ONTAP-Mediator.pem

Verification: FAILED

140074611029904:error:2F067065:time stamp routines:TS_CHECK_SIGNING_CERTS:ess signing certificate error:ts_rsp_verify.c:311: