I want to publish a website over TMG 2010 with HTTPS and a listener activated for Certificate Client Auth for a special Client Cert Trust List...
I have a User Cert with the line up to a Sub Cert (with CDP reachable from TMG) and an offline root CA Cert without CDP in the root Cert.
So I have the problem with my User Cert that I get the error: "Error Code: 500 Internal Server Error. The certificate is revoked".
What can I do about this?
In TMG I get this error in the Alerts tab:
Description: The client certificate was revoked due to an invalid or missing Certificate Revocation List (CRL). The CRL may have expired and Forefront TMG was unable to download a valid CRL. Verify that the CRL download system policy configuration group is enabled and that there is connectivity to the CRL Distribution Points (CDPs).
I already read about this problem: "As HowTo said, Microsoft (paradoxically) expects the Root CA's certificate to have a CDP. Once this has been done, then the entire certificate chain will be validated." (Link to Forum)
I had a similar issue which ended up being that the certificate for the Intermediate had been installed into the Untrusted Publishers in IE on the TMG. I removed it from there and everything started working.
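
A diagnostic for both causes raised in this thread (a missing or unreachable CDP, and a chain certificate sitting in the untrusted store), added here as an example and not posted by anyone in the thread. It assumes the client certificate was exported to the placeholder path `C:\temp\usercert.cer` and that it is run on the TMG server; it evaluates the chain as the logged-on user, which may differ from what the TMG service sees.

```powershell
# Added example, not from the thread. PowerShell 2.0 compatible.
# $CertPath is a hypothetical path to the exported client certificate.
param([string]$CertPath = 'C:\temp\usercert.cer')

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" $CertPath

# Collect thumbprints that are explicitly distrusted on this machine.
# IE's "Untrusted Publishers" tab displays the Disallowed store.
$disallowed = @()
foreach ($loc in 'LocalMachine', 'CurrentUser') {
    $disallowed += Get-ChildItem "Cert:\$loc\Disallowed" -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Thumbprint }
}

# Build the chain with online revocation checking for every element,
# root included, so each certificate reports its own status.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
$valid = $chain.Build($cert)

foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    # OID 2.5.29.31 is the CRL Distribution Points extension.
    $cdp = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'NoError' }

    New-Object PSObject -Property @{
        Subject      = $c.Subject
        Thumbprint   = $c.Thumbprint
        HasCDP       = [bool]$cdp
        InDisallowed = ($disallowed -contains $c.Thumbprint)
        ChainStatus  = $status
    } | Format-List Subject, Thumbprint, HasCDP, InDisallowed, ChainStatus
}

"Chain valid with revocation checking: $valid"
```

A status of `RevocationStatusUnknown` or `OfflineRevocation` on an element points at CRL retrieval, while `InDisallowed : True` or `ExplicitDistrust` points at the untrusted-store case. `certutil -verify -urlfetch` on the same file shows each CDP URL and whether it could be fetched.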