We were having an issue with re-keying an SSL cert for our OWA site. As of this afternoon, we are running the new cert; however, EMC is showing an error with the revocation status, and it seems negligible to the functionality so far.
Here is what happened: We went to install the new cert from GoDaddy, requested the cert to be rekeyed, went through the CSR process, downloaded the new cert, completed the request, then realized the cert process gave an error with revocation failing.
Immediately I was trying to troubleshoot with networking and possibly issues with the firewall, but everything was wide open. Upon countless searches I came across many people fixing their issues with NetSh commands to our proxy (we have it set to direct connection), but that did not fix our issue.
Next I tried adding the CRL sites to the Trusted zones and let the firewall pass all traffic from our subnet out without any restrictions. I also tried clearing out the queues on CertUtil for both; that did nothing as well.
I finally decided to check the cert manually and noticed there was no error. According to CertUtil, the cert was completely fine. So I started poking around IIS and realized it's still wanting to use the old cert, obviously because the new one "is revoked and not authorized for use", and I forcibly added the cert there. I went back to the EMC and noticed the cert is still revoked, but it has IIS as a service.
I tested with my mobile devices and confirmed the new cert is now being used. This sounds all great, but the cert shows as a big red X and I'm afraid to even touch this considering the amount of damage this causes our users, especially since about half rely on mobile email.
My question is, how can I troubleshoot this more? What kind of options do I have to clean this mess up? Is my work-around acceptable for long-term use? (We have about 4 years left on the cert.)
Any options and suggestions would be greatly welcomed!