• Status: Solved
  • Priority: Medium
  • Security: Public

Exchange re-check revocation

Hi experts,

Today I found one of our certificates with a failed revocation check.
I looked at the CA and found errors in the log saying that the CRL could not be published. So I manually published the CRL, which worked fine. The CA status is OK now.
Only in the Exchange Management Console does the revocation check for this certificate fail.

How can I re-check the status?

Refreshing the view in EMC doesn't work.
Or do I only have to wait?
How long will it take?

Thanks a lot!
 
Manpreet Singh Khatra, Solutions Architect, Project Lead, commented:
How did you do the revocation, and where was it done?

- Rancy
 
Systemadministration (Author) commented:
I think Exchange does this check on its own.
In EMC, under Server Configuration -> Exchange Certificates, there is one certificate with the status

"The certificate status could not be determined because the revocation check failed"

I think the CRL is available now. So I think Exchange is only showing this message because it has not rechecked revocation yet.

Could this be?
 
Manpreet Singh Khatra, Solutions Architect, Project Lead, commented:
I guess it's more that the cache is not being released for this information, so let's wait :) ... As you say, you fixed the issue and everything looks good and working, so it's just an update issue.

- Rancy
 
Manpreet Singh Khatra, Solutions Architect, Project Lead, commented:
How did you publish the cert?
Can you run the command and check the cert status?

Get-ExchangeCertificate | fl

- Rancy
 
Manpreet Singh Khatra, Solutions Architect, Project Lead, commented:
Check these articles without fail

The Certificate Status could not be determined because the revocation check failed
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/299c8ebe-223c-43ab-8cbc-c8221991813a/

EMC - Certificate status could not be determined because revocation check failed
http://social.technet.microsoft.com/Forums/en/exchange2010/thread/dda2a983-a509-4d78-b231-8d822de8f1ee

Error message when you import a third-party certificate into Exchange Server 2010: "The certificate status could not be determined because the revocation check failed"
http://support.microsoft.com/kb/979694

- Rancy
 
Systemadministration (Author) commented:
I solved this problem.
It was as follows:
At the beginning of this year we moved the CA from an old server "server1" to a new server "server2". Those servers have different server names.
I tried to check the validity of my certificates and found that during a revocation check the whole certificate chain is checked. In our case we have the following chain:
CA-certificate -> Webserver-certificate

The Webserver-certificate has correct paths for CRL distribution pointing to "server2".
The CA-certificate has wrong paths for CRL distribution pointing to "server1".
Server1 is not running anymore, so the CRL cannot be downloaded.

My solution is to put an entry into the Exchange server's hosts file:

123.123.123.123 server1.domain.de


where 123.123.123.123 is the IP of server2.
After that, the revocation status is all right because requests for "server1" go to "server2".

Another solution could be a DNS entry on the DNS server.

Maybe this can help somebody.
 
Systemadministration (Author) commented:
Own solution
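
The accepted solution turns on the fact that every certificate in the chain carries its own CRL distribution points. As an added example that is not part of the original thread, the PowerShell below lists the CRL URLs of each chain element and tests whether the HTTP ones can still be downloaded. The thumbprint is a placeholder, the function name Get-ChainCrlUrls is hypothetical, and it assumes the formatted extension text lists its entries as "URL=...".

```powershell
# Added example, not from the thread. Placeholder: take the Thumbprint value
# from the output of Get-ExchangeCertificate | fl.
$Thumbprint = '<THUMBPRINT-OF-AFFECTED-CERTIFICATE>'

# Hypothetical helper: returns one object per CRL URL found in the chain.
function Get-ChainCrlUrls {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Only build the chain here; each CRL URL is tested separately below.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($Certificate)

    foreach ($element in $chain.ChainElements) {
        $cert = $element.Certificate
        # OID 2.5.29.31 = CRL Distribution Points extension
        $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
        if (-not $cdp) { continue }   # skip certificates without the extension
        # Assumption: the formatted text lists each entry as "URL=<address>".
        foreach ($m in [regex]::Matches($cdp.Format($true), '(?i)URL=(\S+)')) {
            New-Object PSObject -Property @{
                Subject = $cert.Subject
                Url     = $m.Groups[1].Value
            }
        }
    }
}

$cert   = Get-Item "Cert:\LocalMachine\My\$Thumbprint"
$client = New-Object System.Net.WebClient
foreach ($entry in (Get-ChainCrlUrls -Certificate $cert)) {
    if ($entry.Url -notmatch '^https?://') {
        # LDAP and file URLs are listed but not fetched by this script.
        $result = 'skipped (not HTTP)'
    } else {
        try {
            $bytes  = $client.DownloadData($entry.Url)
            $result = "OK, $($bytes.Length) bytes"
        } catch {
            # A host name that no longer resolves or answers ends up here.
            $result = "FAILED: $($_.Exception.Message)"
        }
    }
    '{0} | {1} | {2}' -f $entry.Subject, $entry.Url, $result
}
```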