However, we would like to solve the problem by making the resources available instead of working around by disabling the authenticity checks all together. Before trying to understand, which resources need to be available I wanted to inquire with the community whether anyone has already dealt with this and could provide a list? We already allow the OCSP procotol completely, however, the loading times are still not better. For CRL retrievals we allow selctively to the publishing points of all well known CAs including also Microsoft, clearly we are still missing something. Any inputs are appreciated.
