Exchange 2010: Certificate
Revocation Issue
“The certificate status could not be
determined because the revocation check failed”
Issue:
On a windows 2008 R2 and Exchange 2010 SP2
RU2, after importing the certificate via EMC on a new server, certificate is
showing red circled cross and shows the status
“The certificate status could not be determined because the revocation
check failed”
Troubleshooting:
Exported the cert from other server and
imported on this new server.
Exported the cert from one other server and imported on this new
server
Configured the proxy on internet explorer and selected checkbox
“Bypass proxy server for local addresses”
Exported the cert from other server and imported on this new
server
Open certificates (local computer) and verified the chain is in
place in intermediate and root cert authority.
Open the cmd prompt with run as administrator and Run the cmd
netsh winhttp show proxy
But got the below output which was saying no proxy configured
"C:\windows\system32>netsh winhttp show proxy
Current Winhttp proxy settings:
Direct Access <no proxy server>".
So run the following cmd as per kb http://support.microsoft.com/kb/979694?wa=wsignin1.0
netsh winhttp set proxy
proxy-server=”http=myproxy” bypass-list=”*.host_name.com”
Now cmd “netsh winhttp show proxy” was
showing the proxy details.
Run the following cmd to Clear the URL cache
certutil -urlcache crl delete
certutil -urlcache ocsp
delete
Run the following cmd to Clear and Force re-sync
of cache
certutil -setreg
chainchaincacheresyncfiletime @now
Run the following cmd to Check validity of
the URLS in the cert
certutil -verify -urlfetch C:CertName.cer
Resolution:
Import the working certificate.
