Hello,
Generally, if you want to avoid certificate issues, you should allow your client to access the OCSP URL defined in the certificate.
The reason is that your client, when seeing a certificate with an OCSP URL included, will try to contact that URL to check whether the certificate has been revoked.
If the URL is unreachable, more and more browsers will display a certificate issue.
Cheers,
Julien