Expressway zone not responding- inbound TLS negotiation Error

eliranb7
Level 1

Hello

A fresh install of an Expressway cluster, C+E. The cluster is good, but the MRA zone is down.

All the servers in the cluster can ping each other.

A secure traversal test was successful.

I went into the logs and an error appears:

EXP-E:

inbound TLS negotiation Error - service=sip - Could not download the latest CRL or get OCSP Response.

EXP-C:

check VCSE certificate.

A secure traversal test was successful.

Any ideas?

1 Accepted Solution

Under Configuration --> Protocols --> SIP, can you set the parameter "Certificate revocation checking mode" to "off" and check again?

9 Replies

b.winter
VIP

TLS negotiation is probably (in most cases) a problem with your certificates.

Are the CA-certs of the Exp-E certificate in the trust store in Exp-C?
Are the CA-certs of the Exp-C certificate in the trust store in Exp-E?

Is the FQDN in the zone setting in Exp-C included in the certificate of Exp-E?

Do you have 1 certificate for all the nodes in the cluster, or a certificate for each individual node?

Thank you for your reply.

Yes, I have uploaded the server certificate CA certs to both.

In fact, in this scenario, the same CA has signed the C + E certs.

It was Cisco's advice because a WAF is involved.

And as for the question:

Is the FQDN in the zone setting in Exp-C included in the certificate of Exp-E?

Yes, it is the Expressway-E FQDN (hostname + domain name).

Under Configuration --> Protocols --> SIP, can you set the parameter "Certificate revocation checking mode" to "off" and check again?

Thanks,

changed it to OFF.

Now the traversal is Active,

but it only ensures that the problem is with the certificate.

I'm just not sure what the problem is.

Probably related to the error: Could not download the latest CRL or get OCSP Response.

but it only ensures that the problem is with the certificate. --> Yes and no.
Your certificates are correct, but the servers check the certificates against the CRL servers (Certificate Revocation List) to see whether the issuing CA has revoked the certificate or not (maybe use Google to understand that process better).

In your case, probably the Expressways cannot reach the CRL server (cannot resolve the hostname, have no internet connection to it, ...) and therefore cannot check if the certificates are still valid or not, and therefore they don't trust each other.

If your issue is resolved, I would appreciate an "accepted solution"

Thanks again

All EXP servers are reachable from each other.

Does the CA that signed the certificates need to be reachable? Because that is what is showing under the CRL Distribution Points in the certificate.

Whether the EXPs can reach each other has nothing to do with the CRL.

The server that is checking the certificate has to reach the URL in the CRL distribution points.
But again: look up the info on the internet on how this works. This is nothing Cisco- or Expressway-specific.

Great, so the revocation check is not necessary for my deployment; I'll keep it off.

Thank you for your help.

I have a certificate for all the nodes in the EXP_C cluster

and a certificate for all the nodes in the EXP_E cluster.
