Hi Mates,
I'm dealing with some strange behavior. Let me explain:
Customer has a Maestro Security Group that is running one VS with MAB enabled (for SSL VPN). They are authenticating every user with personal certificates issued by public authorities. Initially the cluster was running R81.10 so being old the customer eventually upgraded to R82 Take 91.
Since then, there's one authority that is no longer working affecting 'bout 400 users. Workaround 🙂 generated internal certificates and everyone's happy. For the moment!
Upon cvpnd debug (and lol, it's the same error in SmartConsole, but I thought that I would find diamonds there) the error that haunts me is:
[5455][28 May 19:34:50][AUTHNMAN] [CVPN_ERROR] Cvpn::AuthnManager::renegotiateCb: res=(0) - there was an error during renegotiation.
[5455][28 May 19:34:50][AUTHNMAN] [CVPN_INFO] Cvpn::AuthnManager::renegotiateCb: Certificate is not revoked
[5455][28 May 19:34:50][AUTHNMAN] [CVPN_WARNING] Cvpn::AuthnManager::doFailedOnRenegotiateError: Renegotiation failed. Error message: 'SSL renegotiation failed with error: 'Failed to fetch OCSP. Make sure the security gateway has an outgoing http access, and that the proxy and DNS servers are well configured.''
I have tried everything! Gateway has full internet access, it can reach the certificate's declared OCSP server. I have even tried to force CRL. I have replicated the environment in my homelab and I have basically the same configuration (with different public facing IP address) and even installed R82 Take 113 as there was PRJ-65538 that caught my eye.
Case opened - India TAC - allow me to say useless as the engineer was looking at the portal's certificate and said it's not the same as customer's certificate 😞
I literally have no idea what the hell happened from R81.10 to R82 but "Failed to fetch OCSP" is driving me crazy.
Any ideas will really be appreciated.
Thanks