000019915 - Unable to use OCSP responder in KCA 6 on Solaris 8

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019915
Applies ToKCA 6.0.1
Sun Solaris 2.8
OCSP
IssueUnable to use OCSP responder in KCA 6 on Solaris 8
- <LOG_DATA>
- <![CDATA[ OCSP Transaction: TimeOfOCSPRequest(GMT):Tue Mar 12 14:21:28 2002|OCSPPort:80|ResponseStatus:XrcBADSYNTAX| ]]>
</LOG_DATA>
KCA 6.0.1 is installed on the Solaris 8 platform. The CA is correctly configured to respond to OCSP requests from third party clients. However, against some clients such as Valicert Validator for Apache or Lexign Prosigner (ex Elock), the OCSP handshake and the following error message is included in the KCA audit log:

- <LOG_DATA>
- <![CDATA[ OCSP Transaction: TimeOfOCSPRequest(GMT):Tue Mar 12 14:21:28 2002|OCSPPort:80|ResponseStatus:XrcBADSYNTAX| ]]>
</LOG_DATA>

Previous versions of KCA worked without any problems with these OCSP clients.
ResolutionAn issue was identified with the OCSP responder in KCA 6.0.1 for the Solaris platform. This issue is resolved build 7 of 6.0.1 and in the release version of KCA 6.0.2.
Legacy Article IDa13357

Attachments

    Outcomes