Google Chrome performs revocation checking for server certificates that successfully validate and are signed by locally-installed CA certificates. If Google Chrome is unable to obtain revocation status information, such certificates will be treated as revoked ('hard-fail'). Disabled: Google Chrome uses existing online revocation-checking settings. The recommended state for this setting is: Enabled (1) Rationale: Certificates shall always be validated. Impact: A revocation check will be performed for server certificates that successfully validate and are signed by locally-installed CA certificates. if the OCSP server goes down, then this will hard-fail and prevent browsing to those sites.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to Enabled: Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Require online OCSP/CRL checks for local trust anchors Default Value: Unset (Same as Disabled, and users can change)