search cancel

User gets access denied page due to Online Certificate Status Protocol (OCSP) Internal Error


Article ID: 172240


Updated On:


Web Security Service - WSS


An end user goes to a webpage and receives an unexpected exception page "OCSP Error on server certificate"  (Online Certificate Status Protocol)

Tech support information: ssl_server_cert_ocsp_check_failed 


The Web Security Service checks validity on all certificates by using OCSP.

If the OCSP provider responds with an invalid or incorrect response then the service denies access to the resource. 


The following are the valid workarounds that can be used

  1. Add the domain into the Trusted Destinations exemption list
    • Solutions -> Threat protection -> Policy -> Trusted Destinations. 
  2. Bypass the URL
    • Service > Network > Bypassed Sites > Bypassed Domains and add the URL to the list (Note: Only applicable for Explicit Proxy and Unified Agent).

Alternatively, contact the resource owner to let them know of the misconfiguration.