Solved

PKI Error Message

Posted on 2014-09-25
4
499 Views
Last Modified: 2014-10-06
I have created a Root CA and a subordinate.  When I import the certificate from root CA to the subordinate I get the followin
error message :

Cannot verify certificate chain. Do you wish to ignore the error and continue ? The revocation function was unable to check revocation because revocation server was offline.

After click on OK and try to start the CA service the following error appear :

The revocation function was unable to check revocation because the revocation server was offlilne.

Has anyone a resolution for the issue ?
0
Comment
Question by:CaussyR
  • 2
  • 2
4 Comments
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40345366
Tear down and rebuild time.  When you setup the root CA you didn't specify the location that is available for the certificate revocation and probably the AIA records as well. You need to point these to a webserver that already exists on your network.
0
 

Author Comment

by:CaussyR
ID: 40345493
Hi David, appreciate your help.

I do have the followingin the post script :

::Apply the required AIA Extension URLs
certutil -setreg CA\CACertPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:ldap:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11\n2:http://CertCentral.stbc3.jstest3.net/CertData/%%1_%%3%%4.crt"

Therefore, do I need this entry to be run ? Can I add the AIA extenstion later ?  Also, does the URL http://CertCentral.stbc3.jstest3.net have to just be available in DNS or does the installation require access to an online site ?  If the installation requires access to an online site, do I need to install the Web Authority option first ?
0
 
LVL 79

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40348250
A web authority and a CRL are two distinct web pages.
Brian Komar - How not to Screw up your PKI
0
 

Author Closing Comment

by:CaussyR
ID: 40363339
Thanks David for all your assistance and links.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can't log in to windows 7 11 59
paging file usage  > 95% for 30 min about 12 29
Laptop "remote wipe" -- stolen ? 10 88
sql server service accounts 4 21
Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question