diff --git a/src/auth.c b/src/auth.c
index 0ba0070..5a6c351 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -123,6 +123,10 @@ static int ocsp_check(char *client_cert)
 	if (X509_STORE_CTX_get1_issuer(&issuer, &store_ctx, cert) != 1) {
 		fprintf(stderr,
 			"get1_issuer from cert failed; using config file\n");
+		if (get_config_string("//idpc:ocspIssuer") == NULL) {
+			fprintf(stderr, "no ocspIssuer set\n");
+			return -1;
+		}
 		fcert = fopen(get_config_string("//idpc:ocspIssuer"), "r");
 		if (!PEM_read_X509(fcert, &issuer, NULL, NULL)) {
 			fprintf(stderr, "reading issuer cert failed\n");