Problem

A VA responder fails to start and the last line of the server log contains the following message:

Certificate file OCSP_AUTH_TRUSTED_CA_STORE does not contain any valid certificate.

Resolution

This happens when the OCSP Authorization Extension has been configured, but no valid CAs are in the Trusted Client's CAs [OCSP Authorization Extension] store under the Certificates tab. To fix it, add or update the CAs by going to Certificates, then editing the Trusted Client's CAs [OCSP Authorization Extension] store.

If this extension was enabled by mistake, it can be deleted via Extensions > Configure Extensions and then deleting the OCSP Authorization Extension.