OCSP Verification failed with error code

  • Question

  • Hi All,

    Can you please help us with the following error, which we get while configuring OCSP when validating with the command below? CDP and AIA are working, but OCSP validation has an issue, though the OCSP configuration shows no error.

    certutil -verify -urlfetch C:\Users\user\Desktop\test.cer

     

      ----------------  Certificate OCSP  ----------------

      Failed "OCSP" Time: 0

        Error retrieving URL: Method not allowed (405). 0x80190195 (-2145844843 HTTP_E_STATUS_BAD_METHOD)

        http://crl2.domain.local/ocsp

    Also, PKI view shows the error below:

    Image

    Please find the environment details as follows.

    Currently we have two enterprise PKI env. 

    Old Env: Single Server served as Root CA and Issuing CA

    New Env: Two-layer architecture: Offline Root CA and Enterprise Issuing CA

    Thursday, July 18, 2019 8:51 AM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    In my test environment, I can see the OCSP Location is http://2019server.fabrikam.com/ocsp

    2019server is my Web server name.

    And fabrikam.com is my domain name.




    But from the screenshot, I can see OCSP Location is http://crl2.domain.local/ocsp

    Is crl2 our Web server name? If not, we can reconfigure the OCSP Location according to the article.

    AD CS Step by Step Guide: Two Tier PKI Hierarchy Deployment
    https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx




    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 19, 2019 9:18 AM
    Moderator
  • Hi,
    Is there any update on this question, or has this issue been solved? Also, for the question, is there any other assistance we could provide?


    Best Regards,
    Daisy Zhou


    Monday, July 22, 2019 7:15 AM
    Moderator
  • Hi,

    Would you please tell me how things are going on your side? If you have any questions or concerns about the information I provided, please don't hesitate to let us know.
     
    Again thanks for your time and have a nice day!



    Best Regards,
    Daisy Zhou


    Wednesday, July 24, 2019 7:02 AM
    Moderator
  • Hi Daisy,

    Very sorry for the late response.

    Yes, crl2 is the web server configured for the OCSP location, and it is configured with an LB.

    The LB is configured between two OCSP server nodes in active-active mode, and the VIP has been given for the URL: http://crl2.domain.local/ocsp

    

    Monday, July 29, 2019 12:47 PM