
User gets access denied page due to Online Certificate Status Protocol (OCSP) Internal Error


Article ID: 172240


Updated On:

Products

Web Security Service - WSS

Issue/Introduction

An end user goes to a webpage and receives an unexpected exception page: "OCSP Error on server certificate" (OCSP: Online Certificate Status Protocol).

Tech support information: ssl_server_cert_ocsp_check_failed error:"Internal-error"

Cause

The Web Security Service checks the validity of all certificates by using OCSP.

If the OCSP provider responds with an invalid or incorrect response, the service denies access to the resource.

Resolution

The following workarounds can be used:

  1. Add the domain into the Trusted Destinations exemption list
    • Solutions -> Threat protection -> Policy -> Trusted Destinations. 
  2. Bypass the URL
    • Service > Network > Bypassed Sites > Bypassed Domains and add the URL to the list (Note: Only applicable for Explicit Proxy and Unified Agent).

Alternatively, contact the resource owner to let them know of the misconfiguration.
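
Before exempting a domain or contacting the resource owner, it helps to confirm what the site's OCSP responder actually returned. The following is an added example, not part of the original article or the product: it reads the `responseStatus` field of a DER-encoded OCSP response as defined in RFC 6960. It assumes the `Internal-error` string in the exception page corresponds to the RFC 6960 `internalError` status; the sample byte strings are constructed for illustration.

```python
# Added example: classify a DER-encoded OCSP response by its responseStatus.
# RFC 6960: OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED,
#                                       responseBytes [0] EXPLICIT ... OPTIONAL }
OCSP_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
               3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


def _read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length: next n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def ocsp_response_status(der):
    """Return (status_name, has_response_bytes) for an OCSPResponse."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, value, nxt = _read_tlv(body, 0)
    if tag != 0x0A or len(value) != 1:
        raise ValueError("responseStatus is not a one-byte ENUMERATED")
    name = OCSP_STATUS.get(value[0], "unknown(%d)" % value[0])
    # Error statuses carry no responseBytes, so there is no signed
    # certificate status for the client to validate.
    return name, nxt < len(body)


# Constructed samples (not captured from any real responder).
INTERNAL_ERROR = bytes.fromhex("30030a0102")       # responseStatus = 2
TRY_LATER = bytes.fromhex("30030a0103")            # responseStatus = 3
# Skeleton only: status 0 with an empty placeholder inside responseBytes.
SUCCESS_SKELETON = bytes.fromhex("30070a0100a0023000")

if __name__ == "__main__":
    for sample in (INTERNAL_ERROR, TRY_LATER, SUCCESS_SKELETON):
        print(sample.hex(), ocsp_response_status(sample))
```

A response saved to a file (for example with the `-respout` option of `openssl ocsp`) can be read in binary mode and passed to `ocsp_response_status`. An `internalError` result indicates the fault is on the responder side, which is the evidence to give the resource owner.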