Unable to verify OCSP Responder's signature (certificate-based authentication error)
Last Modified: 2023-08-07 05:18:41 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Unable to verify OCSP Responder's signature (certificate-based authentication error)
Technical Articles ID:
KB93133
Last Modified: 2023-08-07 05:18:41 Etc/GMT Environment
ePolicy Orchestrator (ePO) 5.10.x, 5.9.x
Problem
Certificate-based authentication fails intermittently. Authentication can fail when you log on to the ePO console with certificate-based authentication that validates against an Online Certificate Status Protocol (OCSP). The failure occurs when the ePO server is unable to validate the authenticity of the OCSP server. The error in java.security.cert.CertPathValidatorException: Unable to verify OCSP Responder's signature Solution
Confirm that the certificate the OCSP responder validates is added to the ePO server's CA certificate store. NOTE: Not all OCSP responders are configured to require this certificate check. For more information, see the OCSP vendor's support documentation. Affected ProductsLanguages:This article is available in the following languages: |
|