An invalid ocsp signing certificate error code occurs when the ocsp response is signed with an invalid certificate. This can happen for a variety of reasons, including if the certificate has expired, been revoked, or is otherwise not valid. This error code can also occur if the ocsp response is not signed at all.
1. Update the signing certificate
- Navigate to the "Signing Certificates" tab in the OCS Portal.
- Select the certificate that needs to be updated and click on "Update Signing Certificate".
- On the "Update Signing Certificate" window, select "Update from Certificate Authorities" and select the certificate authority (CA) that issued the certificate that needs to be updated.
- On the "Update from Certificate Authorities" window, select "Properties" and then "Serial Number" to view the certificate's serial number.
- In the "Serial Number" field, input the new serial number that corresponds to the certificate that needs to be updated.
- Click on "Update Signing Certificate" to update the certificate.
2. Revoke the signing certificate
- Access the Certificate Authorities page in the PKI Management Console.
- Select the certificate authority (CA) that issued the invalid ocsp signing certificate.
- Click the Revoke Signing Certificate button.
- On the Revoke Signing Certificate page, click the Revoke button.
- On the Revoke Signing Certificate page, provide the following information:
- CA name
- Signing certificate name
- URL of the revocation certificate
- Description of the revocation
- Click the Revoke button.
3. Get a new signing certificate
- Request a new signing certificate from your certificate authority.
- Upload the new signing certificate to your server.
- Update the ocsp response on your website to use the new signing certificate.