bpappas schrieb: @mhuels: Have you configured the CRL/OCSP options on the Device tab -> Server CRL / OCSP Settings screen? -Benjamin Hi Benjamin, up to now, we did not have configured anything in the CRL/OCSP tab. Since 5 minutes, we have enabled the checking of revocation lists via CRL and OCSP. Testing on https://188.203.119.3 , the firewall blocks the ssl traffic (the browsers shows a timeout). Although it would be nicer not to drop but to bring out a security warning or an invalid certificate, this behaviour is tolerable for us. There are not so much diginotar certificates anymore ... Thanks for your hint. Manfred
... View more