The system considers the server certificate to be "untrusted", if it does not contain a CRL DP (Certificate Revocation List Distribution Point) and has OCSP only.
The system considers the server certificate to be "trusted", if it does not contain both CRL DP and OCSP url. This issue was fixed, refer "solution" section.