ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
User gets access denied page due to Online Certificate Status Protocol (OCSP) Internal Error
Article ID: 172240
Web Security Service - WSS
An end user goes to a webpage and receives an unexpected exception page "OCSP Error on server certificate" (Online Certificate Status Protocol)
Tech support information: ssl_server_cert_ocsp_check_failed
The Web Security Service checks validity on all certificates by using OCSP.
If the OCSP provider responds with an invalid or incorrect response then the service denies access to the resource.
The following are the valid workarounds that can be used
- Add the domain into the Trusted Destinations exemption list
- Solutions -> Threat protection -> Policy -> Trusted Destinations.
- Bypass the URL
- Service > Network > Bypassed Sites > Bypassed Domains and add the URL to the list (Note: Only applicable for Explicit Proxy and Unified Agent).
Alternatively, contact the resource owner to let them know of the misconfiguration.