One of my sites is behind a proxy server. At that site, some computers (a couple of XP machines, a Vista laptop, and now our new Server 2008) do not update their Verisign CRLs. These machines are not on a domain. I have been unable to find any information on how this mechanism works, or how to trigger it manually. Other machines at the site seem to be fine.
This is a major issue for us, because we use Patchlink over https. When that CRL becomes invalid, Patchlink stops working until I manually import the certificate by downloading it from Verisign and installing it by hand. Anyone have any ideas?