GlobalSign revoked one of its cross-certificates that allowed end-user certificates to chain to alternate root certificates. The revocation of such a certificate was interpreted by some browsers and systems as a revocation of intermediate certificates that chained back to it. GlobalSign took immediate steps to fix the issue, but users might still receive certificate errors for days to come because OCSP responses are cached in browsers and servers. The company has provided a troubleshooting guide for the different types of certificates it issues and instructions to clear OCSP caches.”]