User gets access denied page due to Online Certificate Status Protocol (OCSP) Internal Error

Article ID: 172240

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

An end user goes to a webpage and receives an unexpected exception page: "OCSP Error on server certificate" (OCSP stands for Online Certificate Status Protocol).

Tech support information: ssl_server_cert_ocsp_check_failed 
 error:"Internal-error"

Cause

The Web Security Service checks the validity of all certificates by using OCSP.

If the OCSP provider returns an invalid or incorrect response, the service denies access to the resource.

Resolution

The following workarounds are valid:

  1. Add the domain to the Trusted Destinations exemption list
    • Solutions > Threat protection > Policy > Trusted Destinations.
  2. Bypass the URL
    • Service > Network > Bypassed Sites > Bypassed Domains, then add the URL to the list (Note: only applicable for Explicit Proxy and Unified Agent).

Alternatively, contact the resource owner to let them know of the misconfiguration.