Bypass the CertPathValidatorException caused by a malformed OCSP response


After the Java update (Version 8 Update 31), the Juniper VPN applet stopped working due to a java.security.cert.CertPathValidatorException:

security: Failing over to CRLs: java.security.cert.CertPathValidatorException: OCSP response does not include a response for a certificate supplied in the OCSP request
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: OCSP response does not include a response for a certificate supplied in the OCSP request
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    ... ...

It looks like the SSL authentication handshake goes the extra mile to obtain the revocation status of the digital certificate via the OCSP protocol. The log also shows that our certificate provider, DigiCert, doesn't honor the OCSP request:

network: Connecting http://ocsp.digicert.com/ with proxy=DIRECT
network: Connecting http://ocsp.digicert.com:80/ with proxy=DIRECT
security: Failing over to CRLs: java.security.cert.CertPathValidatorException: OCSP response does not include a response for a certificate supplied in the OCSP request
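
A small triage helper for traces like the one above, added here as an example (it is not part of the original post): it pairs each OCSP failover with the host contacted just before it and reports whether the same error later aborted the TLS handshake. The function name `triage` and the rule that the preceding `network: Connecting` line is the OCSP responder are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Sample assembled from the Java console trace lines quoted on this page.
SAMPLE_TRACE = """\
network: Connecting http://ocsp.digicert.com/ with proxy=DIRECT
network: Connecting http://ocsp.digicert.com:80/ with proxy=DIRECT
security: Failing over to CRLs: java.security.cert.CertPathValidatorException: OCSP response does not include a response for a certificate supplied in the OCSP request
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: OCSP response does not include a response for a certificate supplied in the OCSP request
\tat sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
"""

# Nested "pkg.SomeException: " prefixes are stripped so reasons can be compared.
NESTED = r"(?:[\w.$]+Exception: )*"
CONNECT = re.compile(r"^network: Connecting (\S+) with proxy=\S+")
FAILOVER = re.compile(r"^security: Failing over to CRLs: " + NESTED + r"(.+)$")
HANDSHAKE = re.compile(r"^javax\.net\.ssl\.SSLHandshakeException: " + NESTED + r"(.+)$")


def triage(trace):
    """Return one finding per OCSP failover: the responder host, the reason,
    and whether the same reason later surfaced as a fatal handshake error."""
    findings, last_host = [], None
    for raw in trace.splitlines():
        line = raw.strip()
        m = CONNECT.match(line)
        if m:
            # Assumption: the most recent connection is the OCSP responder.
            last_host = urlsplit(m.group(1)).hostname
            continue
        m = FAILOVER.match(line)
        if m:
            findings.append({"responder": last_host,
                             "reason": m.group(1),
                             "handshake_failed": False})
            continue
        m = HANDSHAKE.match(line)
        if m:
            for finding in findings:
                if finding["reason"] == m.group(1):
                    finding["handshake_failed"] = True
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```

A finding with `handshake_failed` set to true means the OCSP error was fatal for the connection even though the trace says validation was failing over to CRLs.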

The workaround is pretty simple. Just disable OCSP in the Advanced tab of the Java Control Panel:

Disable OCSP in Java

Restart your browser to apply the option, and you should be good to go.