Error in when Internet Explorer while browsing: "Revocation information for the security certificate for this site is not available"

book

Article ID: 171375

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The purpose of this article is to provide an explanation for the popup received when using Internet Explorer while going through a ProxySG appliance that is performing authentication.

Cause

When accessing websites, Internet Explorer performs background requests to download Certificate Revocation Lists (CRLs) from the internet using a nonstandard User-Agent: Microsoft-CryptoAPI

This User-Agent does not support the authentication methods provided by the proxy, and for this reason, it is unable to download the CRLs correctly if the proxy tries to authenticate those requests.

Resolution

Authentication needs to be disabled for the User-Agent in order for the popup to stop appearing. This can be done using the following CPL code:

<proxy>
request.header.User-Agent="Microsoft-CryptoAPI" authenticate(no) Allow

There are other User-Agents that have similar issues but display other kinds of errors. Refer to this article for more information on them:

https://support.symantec.com/en_US/article.TECH241213.html