Hi all, sorry for asking another question so quickly after the last but I am stuck on an OCSP issue now.
2 tier PKI, 2008 R2 Root CA and 2012 R2 Enterprise Subordinate.
When launching pkiview everything comes up fine except for OCSP. I have it configured correctly in the AIA extensions of the SubCA (with only the Include in the OCSP extension checkbox ticked) with a URL of http://ocsp/ocsp. There is a CNAME in DNS that points to the actual server (different to the CA, running 2012 R2 as well though). OCSP can be pinged successfully.
The OCSP revocation configuration is also set up and reporting everything as OK in the OCSP console. Can also confirm that Network Service has been granted read permissions on the private key settings in the OCSP signing template. I've tried revoking the CAExchange certificate and restarting certsvc as well without luck.
When performing the normal OCSP checks the results are as follows:
certutil -url cert.cer
Error retrieving URL: Error 0x80190194 (-2145844844)
certutil -verify -urlfetch cert.cer
Failed "OCSP" Time: 0
Error retrieving URL: Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
I know it's not a proper test but for information's sake browsing to http://ocsp/ocsp shows error 404 - file or directory not found rather than what is expected with a working OCSP URL (500 - internal server error).
I've also uninstalled/re-installed the OCSP service (including IIS) without success. Any ideas?
thanks!