Exchange 2010: The Certificate Status Could Not Be Determined Because the Revocation Check Failed
After I have imported a Comodo certificate through the Exchange Management Console (EMC), I am unable to assign it any services because of the error message: "The certificate status could not be determined because the revocation check failed."
This can be caused by any number of different reasons:
- Lack of network connectivity or Internet outage.
- Network or proxy misconfiguration: See MS KB ID 979694.
- Intentional blocking of Internet connection from the server.
- CRL/OCSP issues with the CA.
- Stale or out of date CRL information.
- Missing or incomplete CA certificate(s) on server.
To resolve the issue, work through the following checks:
- Verify that all certificates in the hierarchy are installed.
- Verify network & Internet connectivity.
- Verify connectivity (using a browser) to the CRL and OCSP URLs for all certificates in the certificate's hierarchy.
- Ensure that appropriate proxy settings are being used by Exchange. (Recommended, works 99.999% of the time) See MS KB ID 979694. Useful if you're using MS ISA or TMG!!
- Refresh CRL cache. See How to refresh the CRL cache on Windows (Windows PKI Blog)
If all else fails, use the 'Enable-ExchangeCertificate' cmdlet to enable the services for your certificate, as this is less restrictive than the EMC. See Assigning/Enable additional services on an existing certificate (Comodo Support) for more information on how to do this.
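The checks above can be run from one PowerShell session on the Exchange server. The script below is an added example, not code from the referenced Microsoft or Comodo articles; the thumbprint placeholder, the 15-second timeout, the `$RefreshCache` switch and the services in the final comment are assumptions to adjust.

```powershell
# Added example. Written for PowerShell 2.0, as shipped with Exchange 2010 servers.
$Thumbprint   = '<CERTIFICATE-THUMBPRINT>'  # placeholder: thumbprint of the imported certificate
$RefreshCache = $false                      # assumption: set to $true to flush cached CRLs

# Show the machine-wide WinHTTP proxy configuration.
netsh winhttp show proxy

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }

# Build the chain with online revocation checking.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode      = 'Online'
$chain.ChainPolicy.RevocationFlag      = 'ExcludeRoot'
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
$valid = $chain.Build($cert)

# One row per certificate in the hierarchy: its chain status and its CRL/OCSP URLs.
$report = foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    $status = @($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'NoError' }
    # CDP (2.5.29.31) and AIA (1.3.6.1.5.5.7.1.1) extensions carry the CRL and OCSP URLs.
    $urls = @($c.Extensions |
        Where-Object { '2.5.29.31', '1.3.6.1.5.5.7.1.1' -contains $_.Oid.Value } |
        ForEach-Object { [regex]::Matches($_.Format($true), 'URL=(http\S+)') } |
        ForEach-Object { $_.Groups[1].Value })
    New-Object PSObject -Property @{ Subject = $c.Subject; Status = $status; Urls = ($urls -join ' ') }
}
"Chain valid: $valid"
$report | Format-List Subject, Status, Urls

# RevocationStatusUnknown / OfflineRevocation: a CRL or OCSP URL could not be fetched.
# PartialChain: an intermediate or root CA certificate is missing on the server.
if ($RefreshCache) {
    certutil -urlcache crl delete
    # '@now' is quoted so PowerShell does not treat it as a splatted variable.
    certutil -setreg chain\ChainCacheResyncFiletime '@now'
}

# Last resort from the paragraph above, run in the Exchange Management Shell
# (the services listed are an assumption; use the ones you need):
# Enable-ExchangeCertificate -Thumbprint $Thumbprint -Services 'IIS,SMTP'
```

The `Urls` column lists the addresses to test for reachability from the server for each certificate in the hierarchy.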
References:
- Error message when you import a third-party certificate into Exchange Server 2010: "The certificate status could not be determined because the revocation check failed" (Microsoft Support)
- EMC and certificates with failed revocation checks in Exchange 2010 (Exchange Team Blog)
- How to refresh the CRL cache on Windows Vista (Windows PKI Blog)