The OCSP responder reports that the certificate is expired or invalid, but you have verified that the certificate is valid.
To confirm that this is the issue, check the PCAP. In this instance, the nextupdate time has already passed, meaning an update was missed (for whatever reason).
Blue Coat is unable to provide a resolution for this, as this is beyond Blue Coat's control. See below for a workaround.
The workaround is to tell the ProxySG appliance to ignore the setting passed by the OCSP responder, and use the value set in the Device Profile instead.
In the Management Console, select Configuration > SSL > OCSP, select your profile, then click Edit. You will see the Edit OCSP responder dialog.
Change Response Cache TTL from Use TTL from the OCSP response (the default) to
Blue Coat has been successful setting this to 1 day; you might need to extend this period slightly.
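The nextupdate check described above can be scripted. This is an added example, not Blue Coat code: it assumes the OCSP response was exported from the PCAP and dumped to text with `openssl ocsp -respin resp.der -resp_text -noverify`. The sample text, the function names and `seen_at` (the capture timestamp of the response packet) are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample of `openssl ocsp -resp_text` output (not from a real responder).
SAMPLE_RESP_TEXT = """\
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Produced At: May  1 12:00:00 2015 GMT
    Responses:
    Certificate ID:
      Serial Number: 0A1B2C
    Cert Status: good
    This Update: May  1 12:00:00 2015 GMT
    Next Update: May  8 12:00:00 2015 GMT
"""

FIELD = re.compile(r"^\s*(Serial Number|Cert Status|This Update|Next Update):\s*(.+?)\s*$")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def parse_time(text):
    """Parse OpenSSL's 'May  1 12:00:00 2015 GMT' without relying on the locale."""
    mon, day, clock, year, _tz = text.split()
    hh, mm, ss = (int(x) for x in clock.split(":"))
    return datetime(int(year), MONTHS[mon], int(day), hh, mm, ss, tzinfo=timezone.utc)


def check_freshness(resp_text, seen_at):
    """Return (serial, cert_status, verdict) for each single response in the dump."""
    singles, cur = [], None
    for line in resp_text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Serial Number":   # starts a new single response
            cur = {"serial": m.group(2)}
            singles.append(cur)
        elif m and cur is not None:
            cur[m.group(1)] = m.group(2)
    results = []
    for s in singles:
        nxt = s.get("Next Update")
        if nxt is None:
            verdict = "no nextUpdate"             # the field is optional in OCSP
        else:
            # A response seen after its own nextUpdate means an update was missed.
            verdict = "stale" if parse_time(nxt) < seen_at else "fresh"
        results.append((s["serial"], s.get("Cert Status"), verdict))
    return results
```

A `stale` verdict with a `good` certificate status matches the situation this article describes: the responder is serving a response whose nextupdate time has already passed.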
Imported Document ID: 000023264