User begins getting the following error on Internet Explorer on certificate resigning SSL:
"Revocation information for the security certificate for this site is not available. Do you want to proceed?
Yes \ No \ View Certificate"
Why is Chrome not affected:
Chrome is not affected because Chrome disabled OCSP checks by default in 2012, citing latency and privacy issues.
To avoid the error, do the following:
- Disable the OCSP check in IE
- Remove CRL/OCSP disk cache entries on the client machine. From the Windows command line run:
> certutil -urlcache OCSP delete
- Perform "Clear SSL state" in Internet Explorer > Internet Options > Content.
If the steps above don't help, it will be necessary to clear the certificate resigning cache on the SSL Visibility appliance:On appliances running versions prior to 184.108.40.206, it is necessary to perform a factory reset since this cache is persistent to disk.
When running 220.127.116.11 and higher, the certificate resign cache is cleared upon a reboot and is *not* persistent on the disk anymore. Factory reset procedure is thus not necessary.
IMPORTANT: Remember that a factory reset will wipe the current configuration, and the SSL Visibility appliance will need to be bootstrapped again, so ensure that you back up everything on the appliance before proceeding.
Imported Document Id