SSL Visibility - How to resolve the certificate revocation security alert
Last Updated May 13, 2017
Users begin receiving the following error in Internet Explorer on SSL sessions that use certificate resigning:
"Revocation information for the security certificate for this site is not available. Do you want to proceed?
Yes \ No \ View Certificate"
This can happen because, when Internet Explorer receives a certificate, it sends an OCSP (Online Certificate Status Protocol) request to an OCSP server to verify whether the certificate has been revoked. If the browser cannot determine whether the certificate has been revoked and is configured to expect an OCSP response, it displays this warning message.
Why Chrome is not affected:
Chrome is not affected because Chrome disabled OCSP checks by default in 2012, citing latency and privacy issues.
To avoid the error, do the following:
Disable the OCSP check in IE
Internet Explorer > Tools > Internet options > Advanced: uncheck the 'Check for server certificate revocation' option.
Remove CRL/OCSP disk cache entries on the client machine. From the Windows command line run:
Perform "Clear SSL state" in Internet Explorer > Internet Options > Content.
If the steps above don't help, it will be necessary to clear the certificate resigning cache on the SSL Visibility appliance:
On appliances running versions prior to 188.8.131.52, it is necessary to perform a factory reset, since this cache is persistent on disk.
When running 184.108.40.206 and higher, the certificate resign cache is cleared upon a reboot and is *not* persistent on disk anymore. The factory reset procedure is thus not necessary.
IMPORTANT: Remember that a factory reset will wipe the current configuration, and the SSL Visibility appliance will need to be bootstrapped again, so ensure that you back up everything on the appliance before proceeding.
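Before changing the browser setting or resetting the appliance, it helps to confirm on the client why revocation status is unavailable. The PowerShell below is an added example, not part of the original article or the vendor's tooling; the function name `Test-ResignedCertRevocation` and the file path are assumptions, and the certificate is assumed to have been saved to a file from the warning's "View Certificate" dialog.

```powershell
# Added example, not from the original article. The function name and the
# certificate path are assumptions.
function Test-ResignedCertRevocation {
    param([Parameter(Mandatory)][string]$CertPath)

    $ns   = 'System.Security.Cryptography.X509Certificates'
    $cert = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $CertPath).Path

    # 1. Revocation endpoints the certificate advertises:
    #    1.3.6.1.5.5.7.1.1 = Authority Information Access (carries the OCSP URL)
    #    2.5.29.31         = CRL Distribution Points
    $oids = '1.3.6.1.5.5.7.1.1', '2.5.29.31'
    $endpoints = foreach ($ext in $cert.Extensions) {
        if ($oids -contains $ext.Oid.Value) {
            '{0}: {1}' -f $ext.Oid.FriendlyName, $ext.Format($false)
        }
    }

    # 2. Build the chain with online revocation checking of the end certificate,
    #    mirroring the revocation check the article describes.
    $chain = New-Object "$ns.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EndCertificateOnly'
    $chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
    $null = $chain.Build($cert)

    $flags = 'RevocationStatusUnknown', 'OfflineRevocation', 'Revoked'
    $problems = $chain.ChainStatus |
        Where-Object { $flags -contains $_.Status.ToString() } |
        ForEach-Object { '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }

    # 3. Current state of 'Check for server certificate revocation' (1 = checked)
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $ie  = Get-ItemProperty -Path $key -Name CertificateRevocation -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Subject             = $cert.Subject
        Issuer              = $cert.Issuer
        RevocationEndpoints = $endpoints
        RevocationProblems  = $problems
        IECheckEnabled      = ($ie.CertificateRevocation -eq 1)
    }
}

# Placeholder path: the certificate saved from the warning's "View Certificate" dialog
Test-ResignedCertRevocation -CertPath .\resigned-site.cer | Format-List
```

An empty `RevocationEndpoints` together with `RevocationStatusUnknown` indicates the certificate names no OCSP or CRL location; listed endpoints together with `OfflineRevocation` indicate the client could not retrieve a response from them.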
Imported Document ID: 000032362