locked
Certificate revocation list RRS feed

  • Question

  • I have been asked to replicate our live App-V service in an isolated testing environment. Because it is literally a replica of the live service (right down to DNS names etc) it cannot be connected to the internet or to any live service.

    When the App-V client attempts a publishing refresh against the secure (RTSPS port 322) App-V management server, the refresh fails, and an error message is returned "The Application Virtualization Client could not update publishing information from the server AppV-Server. The revocation function was unable to check revocation because the revocation server was offline. Error code: 4615186-24c0332a-80092013".

    I assume that the problem is literally what it says i.e. the App-V client needs to connect to a revocation server, but can't as there is no internet connection. Is there any way of configuring the client to NOT check for certificate revocation? Is there any other work-around? I realise this is not a good thing to do for a live service, but this is a test and development service which needs to be identical (as close as possible) to the live service. Providing an internet connection is not an option as it simply won't be permitted.

    The App-V server certificate was provided to me by an external CA. I don't think there is any problem with the certificate as such, as it works on the live service (which DOES have an internet connection).

    Any assistance woule be much appreciated. Thanks.

     

     

    Tuesday, January 3, 2012 1:57 PM

Answers

  • Thanks all for your responses. Unfortunately the proxy settings recommendations weren't an option for me as this is an isolated test service with NO internet connection possible, not even via a proxy.

    In case anyone else has the same issue, here's what I did:

    I "worked around" the problem by downloading the CRLs from the web locations specified in each of the certificates, saving them to a CD, and then importing them locally into each App-V related computer in my isolated App-V test environment.

    Another option would have been to contact the external CA and ask them to issue new certificates configured with No CRL source, but the first option was easier for me.


    Friday, January 6, 2012 3:30 PM

All replies