Remove From My Forums

The certificate status could not be determined because the revocation check failed

Question
1

Sign in to vote

I installed Exchange 2010 on an isolated lab network without Internet access. windows 2008 x64. When I tried to install a wildcard certificate from Digicert, I got this error:

The certificate status could not be determined because the revocation check failed. I've seen kb article 979694 which refers to a proxy server. We don't have a proxy server. When I run the netsh winhttp show proxy command from that article, I get: Direct access <no proxy server>.

So I'm guessing that the certificate needs to go out to the internet to get validated It can't get out, so I get this error. I did not get this error installing a certificate on an Exchange 2003 IIS certificate on the same isolated subnet.

Please help.

Friday, July 1, 2011 4:39 PM

Answers

0

Sign in to vote
Yes by design you have to disable the revocation check.
Configuring Exchange Servers Without Internet Access
http://blogs.technet.com/b/exchange/archive/2010/05/14/3409948.aspx
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
- Marked as answer by emma.yoyo Friday, July 8, 2011 1:35 AM
Friday, July 1, 2011 5:19 PM
0

Sign in to vote
By the way, if this is an isolated lab for test only, a self-signed certificate or internal CA one is enough.

More information about Exchange certificate:

Certificate Use in Exchange Server 2007

http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx

Frank Wang

TechNet Subscriber Support in forum

If you have any feedback on our support, please contact tngfb@microsoft.com

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked as answer by emma.yoyo Friday, July 8, 2011 1:35 AM
Monday, July 4, 2011 7:16 AM

All replies

0

Sign in to vote
Yes by design you have to disable the revocation check.
Configuring Exchange Servers Without Internet Access
http://blogs.technet.com/b/exchange/archive/2010/05/14/3409948.aspx
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
- Marked as answer by emma.yoyo Friday, July 8, 2011 1:35 AM
Friday, July 1, 2011 5:19 PM
0

Sign in to vote
By the way, if this is an isolated lab for test only, a self-signed certificate or internal CA one is enough.

More information about Exchange certificate:

Certificate Use in Exchange Server 2007

http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx

Frank Wang

TechNet Subscriber Support in forum

If you have any feedback on our support, please contact tngfb@microsoft.com

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked as answer by emma.yoyo Friday, July 8, 2011 1:35 AM
Monday, July 4, 2011 7:16 AM
0

Sign in to vote

Hi MangroveGuy,

Any updates?
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Tuesday, July 5, 2011 8:30 AM
0

Sign in to vote

You can assign a self assinged cerificate

http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx

Tuesday, July 5, 2011 8:39 AM
0

Sign in to vote

Hi MangroveGuy,

Any updates?
Frank Wang

Thursday, July 7, 2011 1:37 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

The certificate status could not be determined because the revocation check failed

Question

Answers

All replies