No CertificateData found with fingerprint xxx on VA #507
So what it does internally is:
So you need to have the subjectDN, issuerDN and issuerFingerprint columns all set correctly, the certificates in the chain must have subject/authorityKeyIDs, and the correct certificates with matching auth/subjectKeyIDs must be there.
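The column condition described in the reply above can be checked mechanically. The following is an added example, not code from EJBCA or from the posters: it models a table with only the columns named in that reply (the real schema and column names may differ) and uses constructed rows and placeholder fingerprints to show that a row being present is not enough if its issuer link is unset or points nowhere.

```python
import sqlite3

# Constructed model of CertificateData: only the columns named in the reply
# above. The real EJBCA table has more columns; treat these names as assumptions.
SCHEMA = ("CREATE TABLE CertificateData (fingerprint TEXT PRIMARY KEY, "
          "subjectDN TEXT, issuerDN TEXT, issuerFingerprint TEXT)")

# Constructed rows (fingerprints are placeholders, not real hashes).
ROWS = [
    ("f-root", "CN=EXAMPLEROOT", "CN=EXAMPLEROOT", "f-root"),  # self-signed
    ("f-sub", "CN=SUBCA", "CN=EXAMPLEROOT", "f-root"),
    ("f-ocsp", "CN=SUBCAOCSP", "CN=SUBCA", None),              # link not set
    ("f-resp", "CN=Responder", "CN=SUBCAOCSP", "f-ocsp"),
]

def demo_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO CertificateData VALUES (?, ?, ?, ?)", ROWS)
    return conn

def chain_problems(conn, fingerprint):
    """Follow issuerFingerprint links upward; return a list of findings."""
    query = ("SELECT subjectDN, issuerDN, issuerFingerprint "
             "FROM CertificateData WHERE fingerprint = ?")
    problems, seen = [], set()
    while fingerprint not in seen:
        seen.add(fingerprint)
        row = conn.execute(query, (fingerprint,)).fetchone()
        if row is None:
            return problems + [f"no row with fingerprint {fingerprint}"]
        subject, issuer_dn, issuer_fp = row
        if not issuer_fp:
            return problems + [f"{subject}: issuerFingerprint is not set"]
        if issuer_fp == fingerprint:  # self-signed: top of the chain
            if issuer_dn != subject:
                problems.append(f"{subject}: self-issued row but issuerDN differs")
            return problems
        parent = conn.execute(query, (issuer_fp,)).fetchone()
        if parent is not None and parent[0] != issuer_dn:
            problems.append(f"{subject}: issuerDN does not match issuer's subjectDN")
        fingerprint = issuer_fp  # a missing parent is reported on the next pass
    return problems + ["issuer links form a loop"]

if __name__ == "__main__":
    db = demo_db()
    for fp in ("f-sub", "f-resp"):
        print(fp, chain_problems(db, fp) or "chain complete")
```

The DN comparison here is an exact string match; it does not cover the subject/authority key ID matching that the reply also mentions.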
Thank you! It appears that when I sync the entire ejbca database between the CA and VA and not just the CertificateData table, the error about "no certificate data found" goes away. Do you know what the essential tables are that the VA must have synced with the CA? I don't want to sync the entire database, just the tables that are necessary. Thanks, Max
Great question. We have some documentation here: But since that was written, a few (perhaps relevant) tables have been added, like Base64CertData, NoConflictCertificateData, OcspResponseData. Try with these and let me know if I should update the documentation.
My VA server has the CertificateData table constantly synced with my CA. I have imported all the active CA certs on my CA into my VA as external CAs.
Yet in the server.log I constantly see: No CertificateData found with fingerprint 049a1b0baf74aea8a811f24c8d72dba59a4e029b for 'CN=SUBCAOCSP' issued by 'CN=SUBCA'.
Yet if I query the ejbca.CertificateData table on my VA:
MariaDB [ejbca]> select fingerprint from CertificateData;
+------------------------------------------+
| fingerprint |
+------------------------------------------+
| 049a1b0baf74aea8a811f24c8d72dba59a4e029b |
+------------------------------------------+
9 rows in set (0.000 sec)
The fingerprint IS there. All of the certs exist in the database. This makes it so that when I make an OCSP request I get:
Unable to build certificate chain for OCSP signing certificate with Subject DN 'CN=Responder'. CA with Subject DN 'CN=SUBCAOCSP' is missing in the database.
However, it DOES exist in the database. I'm confused.
I tried refreshing the cache through the CLI, and rebuilding the jar. Is there something I'm missing here? Even the ManagementCA has this status (no certificate data found), but I have admin privileges and can use the admin portal...