User begins getting the following error on Internet Explorer on certificate resigning SSL:
"Revocation information for the security certificate for this site is not available. Do you want to proceed?
Yes \ No \ View Certificate"
This could mean that when a client on Internet Explorer receives a certificate it will send an OCSP (Online Certificate Status Protocol) request to verify if the certificate has been revoked to an OCSP server. If the Internet Explorer browser is not able to determine if it has been revoked and the browser is configured to expect an OCSP response, it provides this warning message.
Why is Chrome not affected:
Chrome is not affected because Chrome disabled OCSP checks by default in 2012, citing latency and privacy issues.
To avoid the error, do the following:
Internet Explorer > Tools> Internet options> Advanced - Uncheck the 'Check for server certificate revocation' option.
After unchecking the 'Check for server certificate revocation' option the windows system will need to be rebooted for this option to take effect. This is noted in the browser internet options window, "*Takes effect after you restart your computer".
> certutil -urlcache CRL delete
> certutil -urlcache OCSP delete
If the steps above don't help, it will be necessary to clear the certificate resigning cache on the SSL Visibility appliance:
On appliances running versions prior to 22.214.171.124, it is necessary to perform a factory reset since this cache is persistent to disk.
When running 126.96.36.199 and higher, the certificate resign cache is cleared upon a reboot and is *not* persistent on the disk anymore. Factory reset procedure is thus not necessary.
IMPORTANT: Remember that a factory reset will wipe the current configuration, and the SSL Visibility appliance will need to be bootstrapped again, so ensure that you back up everything on the appliance before proceeding.