Today, a major Belgian Certificate Authority - GlobalSign is experiencing issues with OSCP (Online Certificate Status Protocol).
Many top websites are not accessible for more then 24 hours. It seems that GlobalSign did it by accident, after revoking some of the root certificates. Along with the root certificates, the intermediate certificates were also rejected by the web-browsers after providing the new revocation information over the OSCP.
GlobalSign reported that the error might correct in 4 days without any intervention, meanwhile, it will provide new certificates to the customers. Although GlobalSign CA took instant actions to prevent browser errors, many users reported that they still are unable to access the websites using major web-browsers such as Chrome or Firefox.
AlphaSSL CA - powered by GlobalSign is also affected by this issue.
Here are some of the tips to overcome the issue
- Clear the browser's cache
- Reboot the computer
- Clear CRL & OSCP cache (Start Menu -> Run , Enter the following command certutil -urlcache * delete, for OSX type sudo rm /var/db/crls/*cache.db )
A solution for web service provides is to switch to a different CA such as GeoTrust or Thawte.