ProxySG OCSP checking fails with the error message "invalid-response"
search cancel

ProxySG OCSP checking fails with the error message "invalid-response"


Article ID: 173046


Updated On:


ProxySG Software - SGOS


Users are unable to access some secure https web sites and receive an invalid-response error message in relation to OCSP (Online Certificate Status Protocol) checking.

The OCSP service maintains a list of revoked certificates. It is an alternative to using a Certificate Revocation List.

Error : OCSP check for server certificate failed due to error: "invalid-response"
An error occurred while checking revocation status of the certificate. Contact the administrator for further assistance.


Symantec ProxySG using OCSP.


The Certification Authority's OCSP server is failing to respond. In the example below, Qualys SSL Labs shows that the OCSP service at is failing:

OCSP Error Message


Check for any OCSP service issues with the relevant Certification Authority.

If the Certification Authority is experiencing degradation to their OCSP service, the only workaround is to delete the OCSP configuration in ProxySG.

Depending on the number of sites affected, you may be able to create a policy to workaround the issue but this would be very difficult to manage.