Error Code: 500 Internal Server Error. The certificate is revoked. / TMG 2010 Publishing with CA Client Auth / Online Sub CA with CDP and Offline Root CA without CDP


  • Hello all,

    I have the following problem:

    I want to publish a website over TMG 2010 with HTTPS and a listener activated for Certificate Client Auth for a special Client Cert Trust List...

    I have a User Cert with the line up to a Sub Cert (with CDP reachable from TMG) and an offline root CA Cert without CDP in the root Cert.

    So I have the problem with my User Cert that I get the error: "Error Code: 500 Internal Server Error. The certificate is revoked".

    What can I do against this?

    In TMG I get this error in the Alerts tab:

    Description: The client certificate was revoked due to an invalid or missing Certificate Revocation List (CRL). The CRL may have expired and Forefront TMG was unable
    to download a valid CRL. Verify that the CRL download system policy configuration group is enabled and that there is connectivity to the CRL Distribution Points (CDPs). 

    I already read about this problem: "As HowTo said, Microsoft (paradoxically) expects the Root CA's certificate to have a CDP [Eek!] . Once this has been done, then the entire certificate chain will be validated." Link to Forum

    Also I've found this post:

    But I think that cannot be the solution...

    What else can I do?




    13/Sha'ban/1433 11:54 AM


All replies