• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 670
  • Last Modified:

PKI Error Message

I have created a Root CA and a subordinate.  When I import the certificate from root CA to the subordinate I get the followin
error message :

Cannot verify certificate chain. Do you wish to ignore the error and continue ? The revocation function was unable to check revocation because revocation server was offline.

After click on OK and try to start the CA service the following error appear :

The revocation function was unable to check revocation because the revocation server was offlilne.

Has anyone a resolution for the issue ?
0
CaussyR
Asked:
CaussyR
  • 2
  • 2
1 Solution
 
David Johnson, CD, MVPOwnerCommented:
Tear down and rebuild time.  When you setup the root CA you didn't specify the location that is available for the certificate revocation and probably the AIA records as well. You need to point these to a webserver that already exists on your network.
0
 
CaussyRAuthor Commented:
Hi David, appreciate your help.

I do have the followingin the post script :

::Apply the required AIA Extension URLs
certutil -setreg CA\CACertPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:ldap:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11\n2:http://CertCentral.stbc3.jstest3.net/CertData/%%1_%%3%%4.crt"

Therefore, do I need this entry to be run ? Can I add the AIA extenstion later ?  Also, does the URL http://CertCentral.stbc3.jstest3.net have to just be available in DNS or does the installation require access to an online site ?  If the installation requires access to an online site, do I need to install the Web Authority option first ?
0
 
David Johnson, CD, MVPOwnerCommented:
A web authority and a CRL are two distinct web pages.
Brian Komar - How not to Screw up your PKI
0
 
CaussyRAuthor Commented:
Thanks David for all your assistance and links.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now