InformationGoogle Chrome performs revocation checking for server certificates that successfully validate and are signed by locally-installed CA certificates. If Google Chrome is unable to obtain revocation status information, such certificates will be treated as revoked ('hard-fail').
Disabled: Google Chrome uses existing online revocation-checking settings.
The recommended state for this setting is: Enabled (1)
Certificates shall always be validated.
A revocation check will be performed for server certificates that successfully validate and are signed by locally-installed CA certificates. if the OCSP server goes down, then this will hard-fail and prevent browsing to those sites.
SolutionTo establish the recommended configuration via Group Policy, set the
following UI path to Enabled:
Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Require online OCSP/CRL checks for local trust anchors
Unset (Same as Disabled, and users can change)