Currently the OCSP signing cache generates a lot of log error messages when there's an expired CA (even for External CAs). Can we reduce the number of messages? Either by not reporting an error in certain cases, and/or limiting the severety to warning or info in some cases.
2015-01-02 03:04:05,067 ERROR [org.cesecore.util.CertTools] (EJB default - 6) The OCSP signing certificate with serial number 'nnnn' issued by the CA 'xxxx' has expired.
I'm not sure this should be changed though. We should think about it. As a workaround it's possible to set the CA status to Offline (5).
"ejbca.sh ca deactivate" throws a stack trace that keybinding could not be found. Even if it is not a CA with signature keys in the OCSP responder (External CA).
This should work.