I want to publish a website over TMG 2010 with HTTPS and the listener activated for Certificate Client Auth for a special Client Cert Trust List...
I have a User Cert with the line up to a Sub Cert (with CDP reachable from TMG) and an offline root CA Cert without CDP in the root Cert.
So I have the problem with my User Cert that I get the error: "Error Code: 500 Internal Server Error. The certificate is revoked".
What can I do about this?
In TMG I get this error in the Alerts tab:
Description: The client certificate was revoked due to an invalid or missing Certificate Revocation List (CRL). The CRL may have expired and Forefront TMG was unable to download a valid CRL. Verify that the CRL download system policy configuration group is enabled and that there is connectivity to the CRL Distribution Points (CDPs).
I already read about this problem: "As HowTo said, Microsoft (paradoxically) expects the Root CA's certificate to have a CDP. Once this has been done, then the entire certificate chain will be validated." Link to Forum
I had a similar issue which ended up being that the certificate for the Intermediate had been installed into the Untrusted Publishers in IE on the TMG. I removed it from there and everything started working.
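A diagnostic for both causes raised in this thread, as an added example that is not from either poster: run on the TMG server, it builds the client certificate's chain with revocation checking and reports, per chain element, the validation status, the CDP extension, and whether the certificate sits in an Untrusted (Disallowed) store. The path `C:\temp\user.cer` is a hypothetical export of the client certificate, and mapping IE's "Untrusted Publishers" tab to the `Disallowed` store is an assumption.

```powershell
# Added example, not from the thread. $CertPath is a hypothetical path to the
# exported client certificate (public part only, .cer).
param([string]$CertPath = 'C:\temp\user.cer')

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" $CertPath

# Build the chain with online revocation checking. EntireChain also checks the
# root (the .NET default, ExcludeRoot, skips it).
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
$valid = $chain.Build($cert)
"Chain valid: $valid"

# Collect thumbprints from the Untrusted (Disallowed) stores. Assumption: IE's
# "Untrusted Publishers" tab shows the Disallowed store of the logged-on user;
# the machine store is checked as well.
$untrusted = @()
foreach ($store in 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed') {
    $untrusted += @(Get-ChildItem $store | ForEach-Object { $_.Thumbprint })
}

foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate

    # Per-element status flags; an empty list means no error for this element.
    $status = @($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'NoError' }

    # CRL Distribution Points extension (OID 2.5.29.31), if present.
    $cdpExt = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if ($cdpExt) { $cdp = $cdpExt.Format($false) } else { $cdp = '(no CDP extension)' }

    ''
    "Subject   : $($c.Subject)"
    "Status    : $status"
    "CDP       : $cdp"
    "Untrusted : $($untrusted -contains $c.Thumbprint)"
}
```

A status of `RevocationStatusUnknown` or `OfflineRevocation` on an element points at a CRL that could not be fetched for it, while `Untrusted : True` on the intermediate is the situation described in the answer above.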