Error in OpenAM 13.0.0 ocsp verification


mat bingham

Hello all,

I have encountered an error "AMCertPath.getResponderURLString: Invalid ocsp responder url configured" when using OCSP certificate authentication in OpenAM version 13.0.0 with Oracle Java 1.8.0_101-b13. Though the error shows in the debug/CoreSystem file, the certificate bearer can authenticate into the system without any issue, as proved in the openam/log/authentication.csv file. The detailed error messages are as follows:


amSecurity:08/10/2016 11:19:27:182 AM CDT: Thread[http-bio-8443-exec-11,5,main]: TransactionId[6e150062-3756-4dca-91fc-3f83c15dc7f6-425]
ERROR: AMCertPath.getResponderURLString: Invalid ocsp responder url configured
java.net.MalformedURLException: no protocol: 
        at java.net.URL.<init>(URL.java:593)
        at java.net.URL.<init>(URL.java:490)
        at java.net.URL.<init>(URL.java:439)

.....

.....

amSecurity:08/10/2016 11:19:27:182 AM CDT: Thread[http-bio-8443-exec-11,5,main]: TransactionId[6e150062-3756-4dca-91fc-3f83c15dc7f6-425]
ERROR: AMCertPath.verify: OCSP is enabled, but the com.sun.identity.authentication.ocsp.responder.url property does not specify a OCSP responder. OCSP checking will NOT be performed.

My questions are: doesn't OpenAM obtain the OCSP responder URL automatically from the certificate? I could put a responder URL in the configuration, but what if I need to put in more than one URL?

Thanks in advance,

Mat


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
https://lists.forgerock.org/mailman/listinfo/openam
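
The post above shows certificate logins succeeding while the debug log says "OCSP checking will NOT be performed", so revocation checking is silently skipped. The following is an added example, not part of the original post and not OpenAM code: a small scanner that groups debug records by TransactionId and flags that condition. It assumes the record layout quoted in the post; the function names and the third sample record are constructed.

```python
import re
from collections import defaultdict

# Header line of a debug record, in the layout quoted in the post (assumed stable).
HEADER = re.compile(
    r"^(?P<log>\w+):(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}:\d{3} [AP]M \w+): "
    r"Thread\[(?P<thread>[^\]]*)\]: TransactionId\[(?P<txn>[^\]]*)\]\s*$"
)
# Messages meaning revocation checking was enabled but did not run.
SKIPPED = "OCSP checking will NOT be performed"
BAD_URL = "Invalid ocsp responder url configured"

def parse_records(lines):
    """Attach continuation lines (level, message, stack trace) to their header."""
    records, current = [], None
    for line in lines:
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "body": []}
            records.append(current)
        elif current is not None and line.strip():
            current["body"].append(line.strip())
    return records

def ocsp_fail_open(lines):
    """Return {transaction id: sorted findings} for logins where OCSP was skipped."""
    findings = defaultdict(set)
    for rec in parse_records(lines):
        text = " ".join(rec["body"])
        if SKIPPED in text:
            findings[rec["txn"]].add("ocsp_skipped")
        if BAD_URL in text:
            findings[rec["txn"]].add("responder_url_invalid")
    return {txn: sorted(found) for txn, found in findings.items()}

# Sample input: the two records from the post plus one constructed benign record.
SAMPLE = """\
amSecurity:08/10/2016 11:19:27:182 AM CDT: Thread[http-bio-8443-exec-11,5,main]: TransactionId[6e150062-3756-4dca-91fc-3f83c15dc7f6-425]
ERROR: AMCertPath.getResponderURLString: Invalid ocsp responder url configured
java.net.MalformedURLException: no protocol:
amSecurity:08/10/2016 11:19:27:182 AM CDT: Thread[http-bio-8443-exec-11,5,main]: TransactionId[6e150062-3756-4dca-91fc-3f83c15dc7f6-425]
ERROR: AMCertPath.verify: OCSP is enabled, but the com.sun.identity.authentication.ocsp.responder.url property does not specify a OCSP responder. OCSP checking will NOT be performed.
amSecurity:08/10/2016 11:20:01:004 AM CDT: Thread[http-bio-8443-exec-12,5,main]: TransactionId[constructed-0001]
constructed record: no OCSP message here
""".splitlines()

if __name__ == "__main__":
    for txn, found in ocsp_fail_open(SAMPLE).items():
        print(txn, found)
```

Correlating the flagged transaction ids with successful entries in authentication.csv shows which certificate logins were accepted without a revocation check.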