Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-4393

Reduce number of errors from the OCSP signing cache about expired CAs

    Details

    • Issue discovered during:
      Customer
    • Epic Link:

      Description

      Currently the OCSP signing cache generates a lot of log error messages when there's an expired CA (even for External CAs). Can we reduce the number of messages? Either by not reporting an error in certain cases, and/or limiting the severety to warning or info in some cases.

      2015-01-02 03:04:05,067 ERROR [org.cesecore.util.CertTools] (EJB default - 6) The OCSP signing certificate with serial number 'nnnn' issued by the CA 'xxxx' has expired.

      I'm not sure this should be changed though. We should think about it. As a workaround it's possible to set the CA status to Offline (5).

      "ejbca.sh ca deactivate" throws a stack trace that keybinding could not be found. Even if it is not a CA with signature keys in the OCSP responder (External CA).
      This should work.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mikek Mike Agrenius Kushner
              Reporter:
              samuel Samuel Lidén Borell
              Verified by:
              Samuel Lidén Borell
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: