033530B4 OCSP response signature algorithm not in signature algorithm pairs list.
Explanation
The OCSP response was signed with an algorithm that was not specified in the OCSP response signature algorithm pairs list.
User response
Verify that the signature algorithms included in the response signature algorithm pairs list (the
ocspResponseSigAlgPairs parameter within the gskdb_ocsp_source structure) are
supported by the OCSP responder and are valid based on the certificate being validated. For example,
the OCSP responder may ignore an signature algorithm of SHA-224 with RSA encryption if the
certificate being validated is an ECDSA certificate. Ensure that the OCSP responder supports the
OCSP preferred signature algorithms extension. The OCSP response signature algorithm pairs list may
need to be updated to include the algorithm that the OCSP responder is using to sign the OCSP
response. See Table 6 for a list of valid 4-character signature
algorithm pair definitions. Collect a System SSL trace containing the error and then contact your
service representative if the error persists.