author Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> 2016-06-16 14:40:23 -0700
committer Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> 2016-06-16 14:45:37 -0700
commit 1b80b8c38be4ad4edf7b8e9d817877225517ca83
tree 440e1074b27250108619d7122eacc53f0a888275 /base
parent dc80efadfcccdcef4d9f45b1d350e71f54ed952e
Enable ocsp checking on KRA with CA's secure port shows self test failure.
Here we will address this by putting a comment in the server.xml, around the area where the ocsp settings are documented.
Diffstat (limited to 'base')
-rw-r--r-- base/server/tomcat7/conf/server.xml 2
-rw-r--r-- base/server/tomcat8/conf/server.xml 3
2 files changed, 5 insertions, 0 deletions
diff --git a/base/server/tomcat7/conf/server.xml b/base/server/tomcat7/conf/server.xml
index db4337894..c78bdbdc0 100644
--- a/base/server/tomcat7/conf/server.xml
+++ b/base/server/tomcat7/conf/server.xml
@@ -167,6 +167,8 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
Here are the definition to all the OCSP-related settings:
enableOCSP - turns on/off the ocsp check
ocspResponderURL - sets the url where the ocsp requests are sent
+ Make sure this URL uses the NON SSL or HTTP port for the OCSP interface.
+ Ex: use 8080 instead of say 8443.
ocspResponderCertNickname - sets the nickname of the cert that is
either CA's signing certificate or the OCSP server's signing
certificate.
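Review bot: The two comment lines added under ocspResponderURL tell the administrator to use the non-SSL port but give no reason, so someone reading server.xml alone sees advice to point OCSP at plain HTTP with no rationale. Put the reason from the commit message into the comment itself (enabling OCSP checking on the KRA against the CA's secure port shows a self-test failure). The literals in "Ex: use 8080 instead of say 8443." are also worth rewording in terms of the instance's own unsecure and secure ports, since the same file treats ports as per-instance values (the hunk header shows "Tomcat Port = [TOMCAT_SERVER_PORT]"). "NON SSL or HTTP port" reads as two alternatives; "non-SSL (HTTP) port" would be clearer.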
diff --git a/base/server/tomcat8/conf/server.xml b/base/server/tomcat8/conf/server.xml
index a9d338fa1..ddbe009e4 100644
--- a/base/server/tomcat8/conf/server.xml
+++ b/base/server/tomcat8/conf/server.xml
@@ -186,6 +186,9 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
Here are the definition to all the OCSP-related settings:
enableOCSP - turns on/off the ocsp check
ocspResponderURL - sets the url where the ocsp requests are sent
+ Make sure this URL uses the NON SSL or HTTP port for the OCSP interface.
+ Ex: use 8080 instead of say 8443.
+
ocspResponderCertNickname - sets the nickname of the cert that is
either CA's signing certificate or the OCSP server's signing
certificate.
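Review bot: The empty added line after "Ex: use 8080 instead of say 8443." exists only in this tomcat8 copy; the tomcat7 hunk adds the same two comment lines without it, which is why the diffstat shows 3 insertions here against 2 there. Drop the blank line or add it to the tomcat7 file as well, so the OCSP settings block stays identical in both server.xml templates and future patches to it apply cleanly to both.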