[IdM/IPA] Replica install fails with ERROR: Unable to validate ocsp_signing certificate: Invalid certificate: (-8101) Certificate type not approved for application.

Solution Verified - Updated -

Issue

  • Replica CA install fails with the error below:

      Replica install fails with ERROR: Unable to validate ocsp_signing certificate: Invalid certificate: (-8101) Certificate type not approved for application.

  • Selftests fail with:

      # pki-server subsystem-cert-validate ca
      ..
      ..
      Cert ID: ocsp_signing
        Nickname: ocspSigningCert cert-pki-ca
        Usage: StatusResponder
        Token: Internal Key Storage Token
        Status: Invalid certificate: (-8101) Certificate type not approved for application.

Environment

  • Red Hat Enterprise Linux (RHEL) 9
  • Red Hat Identity Management
