Hi there
Environment: Exchange 2010 SP2
Problem: The certificate status could not be determined because the revocation check failed
When I import a new internal CA certificate for my exchange server, it was unable to associate any service and said "The certificate status could not be determined because the revocation check failed"
In order to successfully associate services to the new certificate we run this command: Enable-ExchangeCertificate -Thumbprint $THUMBPRINT -Services POP, IMAP, IIS, SMTP
But the message "The certificate status could not be determined because the revocation check failed" still was showing.
so after that I did the following steps:
1. I Verified network connectivity.
2. I Verified connectivty to the CRL URLs for all certificates in the certificate's hiearchy. (using a browser)
3. I ensured that appropriate proxy settings are being used by Exchange. MS KB ID 979694.1.
Troubleshooting
1. I've Installed manually installed the CRL's for the Exchange server
2. I've followed the next procedure in order to set up correctly the proxy settings for the exchange server http://exchangeserverpro.com/exchange-2010-certificate-revocation-checks-and-proxy-settings/
3. Then I've deleted the CRL cache running certutil -urlcache crl delete
4. Finally, I restarted the exchange server but the problem continue “The certificate status could not be determined because the revocation check failed.
note: The only method to publish the CRL's in my internal PKI its just HTTP
Any advices in order to solve my problem?
Thanks in advance.
Regards,
Carlos
CAS