Hi,
On some client PCs which don't have internet connectivity, we have an issue with very slow loading web pages (eg Dashboards, App), configured for HTTPS. This takes up to 15 seconds, and only happens on the initial load of the page, after starting the browser.
The DevTools Network page indicates a 15 second load time for 'SSL'.
We already disabled the certificate revocation check in the internet options, as that is a known cause for delay on HTTPS pages when no internet connectivity is available. Afterwards, the client PC was restarted.
The problem still occurs in the Edge browser and the Cube embedded browser (configured for Chromium)
The problem does not occur with the Chrome browser.
Does anyone have an idea on how to deal with this?
The certificate contains:
– A ‘CRL Distribution Points’ fields which holds an internal CRL URL that is accessible by the client.
– An ‘Authority Information Access’ field which holds an internal OCSP URL that does not seem to be reachable (HTTP 500 and no ping) by the client
Not sure if investigating it via Wireshark would reveal more of what is happening and what is causing the delay?
I would not recommend to disable certificate revocation checks on client pcs, because this impacts the security of all certificates and should be seen as a general security concern.
Could you keep us informed in case there is any update on your findings?
In case you are not able to figure it out, i would suggest to create a support ticket at techsupport@skyline.be for a more in depth investigation
Do you have more information about the certificate that is being used? If the client PCs don’t have Internet access, then you shouldn’t use a certificate with a CRL or OCSP that requires Internet access. The revocation list should be accessible by the client (could be hosted internal or use a certificate without revocation).