SSL Certificate for Exchange 2013 status is not appearing as "Valid"

Hi,

I have got issued UCC SSL certificate for Exchange 2013 from GoDaddy. After receiving certificate when we imported it to Exchange 2013 CAS server its status was appearing as "Revocation Check Failed". We tried couple of things but no luck. Now, we have deleted that certificate.

what would be next step? do we need to regenerate CSR and resubmit it to third party CA (in our case, it is GoDaddy)?

Please as

May 25th, 2015 4:53pm

Hi,

I have got issued UCC SSL certificate for Exchange 2013 from GoDaddy. After receiving certificate when we imported it to Exchange 2013 CAS server its status was appearing as "Revocation Check Failed". We tried couple of things but no luck. Now, we have deleted that certificate.

what would be next step? do we need to regenerate CSR and resubmit it to third party CA (in our case, it is GoDaddy)?

Please as

Free Windows Admin Tool Kit Click here and download it now
May 25th, 2015 4:56pm

Hi,

The RevocationCheckFailure issue would occur due to a number of reasons, please do the following steps to have a try:

Please run the following cmdlet in the Exchange Management Shell to check the problematic certificate status:

Get-ExchangeCertificate | FL

If the status is RevocationCheckFailure, please check whether your WinHTTP proxy settings are configured properly for the Internet browser. To view the WinHTTP proxy settings, at a command prompt, run the following command:

netsh winhttp show proxy

If it is not configured, we can configure the WinHTTP proxy setting and the server FQDN in the WinHTTP bypass list by opening a command prompt, type the following command, and then press ENTER:

netsh winhttp set proxy proxy-server="http=myproxy" bypass-list="*.host_name.com"

After doing these things you can  recreate your CSR and get the certificate from godaddy, then import it again to Exchange server.

Additionally, please make sure the intermediate or root SSL certificates installed on the server and the Root CA Certificate was added to the computer Trusted Root CA Store. Here are some references about certificate revocation checks:

EMC and certificates with failed revocation checks in Exchange 2010

http://blogs.technet.com/b/exchange/archive/2010/07/26/3410505.aspx

https://support.microsoft.com/en-us/kb/979694  

Regards,

David 

May 26th, 2015 5:42am

Hi,

The RevocationCheckFailure issue would occur due to a number of reasons, please do the following steps to have a try:

Please run the following cmdlet in the Exchange Management Shell to check the problematic certificate status:

Get-ExchangeCertificate | FL

If the status is RevocationCheckFailure, please check whether your WinHTTP proxy settings are configured properly for the Internet browser. To view the WinHTTP proxy settings, at a command prompt, run the following command:

netsh winhttp show proxy

If it is not configured, we can configure the WinHTTP proxy setting and the server FQDN in the WinHTTP bypass list by opening a command prompt, type the following command, and then press ENTER:

netsh winhttp set proxy proxy-server="http=myproxy" bypass-list="*.host_name.com"

After doing these things you can  recreate your CSR and get the certificate from godaddy, then import it again to Exchange server.

Additionally, please make sure the intermediate or root SSL certificates installed on the server and the Root CA Certificate was added to the computer Trusted Root CA Store. Here are some references about certificate revocation checks:

EMC and certificates with failed revocation checks in Exchange 2010

http://blogs.technet.com/b/exchange/archive/2010/07/26/3410505.aspx

https://support.microsoft.com/en-us/kb/979694  

Regards,

David 

  • Marked as answer by shahry baba 11 hours 7 minutes ago
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2015 9:40am

Hi,

The RevocationCheckFailure issue would occur due to a number of reasons, please do the following steps to have a try:

Please run the following cmdlet in the Exchange Management Shell to check the problematic certificate status:

Get-ExchangeCertificate | FL

If the status is RevocationCheckFailure, please check whether your WinHTTP proxy settings are configured properly for the Internet browser. To view the WinHTTP proxy settings, at a command prompt, run the following command:

netsh winhttp show proxy

If it is not configured, we can configure the WinHTTP proxy setting and the server FQDN in the WinHTTP bypass list by opening a command prompt, type the following command, and then press ENTER:

netsh winhttp set proxy proxy-server="http=myproxy" bypass-list="*.host_name.com"

After doing these things you can  recreate your CSR and get the certificate from godaddy, then import it again to Exchange server.

Additionally, please make sure the intermediate or root SSL certificates installed on the server and the Root CA Certificate was added to the computer Trusted Root CA Store. Here are some references about certificate revocation checks:

EMC and certificates with failed revocation checks in Exchange 2010

http://blogs.technet.com/b/exchange/archive/2010/07/26/3410505.aspx

https://support.microsoft.com/en-us/kb/979694  

Regards,

David 

  • Marked as answer by shahry baba Friday, May 29, 2015 8:19 PM
May 26th, 2015 9:40am

Thanks Singh and David.


it turned out to be a proxy issue. after acquiring a new certificate we were getting the same error message. here it is what we did to resolve this issue:

1. Acquired a new certificate and imported it to CAS server.

2. Correct the CAS server settings to connect to internet without proxy. After doing this CAS server was able to connect to Godaddy certificate server.

it resolved our issue.

Free Windows Admin Tool Kit Click here and download it now
May 29th, 2015 4:21pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics