Re: CA Troubles

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 08/06/05

  • Next message: Gopi: "Re: Antivirus System"
    Date: Sun, 7 Aug 2005 00:14:23 +1000
    
    

    Well, the error message is self-explanatory: CRL checking fails. Probably
    you have the CDP on the same server with the root CA - offline. Bring it
    back online at least temporarily for a quick fix; change the location of CRL
    to something always reachble better yet.

    -- 
    Svyatoslav Pidgorny, MS MVP - Security, MCSE
    -= F1 is the key =-
    "Jaye" <address@company.com> wrote in message
    news:OK$qd9fmFHA.1416@TK2MSFTNGP09.phx.gbl...
    > Hello,
    >
    > I am in the process of setting up a two-tier implentation of Certificate
    > Services in a Windows 2003 Server environment (Offline Root and Online
    > Issuing).  I get all the way to the point of installing a requested
    > certificate from my Offline Root to my Online Issuing and I get the
    > following errors.
    >
    > --------------------------
    > Cannot verify certificate chain.  Do you wish to ignoew the error and
    > continue?  The revocation function was unable to check revocation
    > because the revocation server was offline.
    > --------------------------
    >
    >
    > I click OK on that warning and then try to start the Certificate
    > Services and get the following error.
    >
    >
    > --------------------------
    > The revocation function was unable to check revocation because the
    > revocation server was offline.
    > --------------------------
    >
    > Does anyone have any insight in to what is causing those errors?
    >
    > Thank you,
    >
    > ~Jaye
    

  • Next message: Gopi: "Re: Antivirus System"

    Relevant Pages

    • RE: Offline Root CA issue
      ... I had to change the validity of the CRL ... subordinate online CA server in an Windows 2003 Server environment (virtual ... I have exported the CRL from the offline root into the online ...
      (microsoft.public.dotnet.security)
    • Re: can a microsoft enteprise Root CA be offline?
      ... > I have notice that if the CA server is offline, ... > cannot be authenticated by the IAS server. ... > Isn=3Ft it suppose that the the certificates are valid by them selfs? ... the root CA must be installed as a Standalone ...
      (microsoft.public.win2000.security)
    • installing an offline root CA
      ... i am trying to follow the how to article # 271386 for installing an offline ... root CA but i am using server 2003, i'm stuck on the dsstore utility. ...
      (microsoft.public.security)
    • RE: Three Errors on Server 2003 SB Any idea?
      ... occurring on your SBS 2K3 Server: ... expand the Recipients object -> Offline ... Address Lists. ... Ensure a valid Public Folder Store is set for the Offline Address ...
      (microsoft.public.windows.server.sbs)
    • Re: EMERGENCY! Offline Files Disappearing / Vanishing
      ... I would not even consider an undertaking like reinstalling a server as ... Folder Options -> Offline Files." ... have not yet seen the event logs on the laptop itself. ...
      (microsoft.public.windows.server.sbs)