Revoked certificate showing valid
I have an SSL certificate that has been revoked, and most of the clients do see that it has been revoked. However, for quite a few machines (both inside and outside the domain) the certificate is still showing good and they are still able to access the website. I did verify that revocation checking is enabled in IE. From a machine that still shows a good cert: certutil -verify -urlfetch shows that the cert is good. I've cleared the CRL cache. I downloaded the CRL manually (using the CDP links from the certificate itself) and can see that my cert is listed there. Obviously there is something else going on that I'm missing, but I'm running out of places to look, so if you experts have any ideas, a point in the right direction would be appreciated!
May 12th, 2012 1:54pm

Brian, thank you for your response! I was using certutil -urlcache * delete to remove the cache and did reboot the computer, but it was still showing valid. I didn't know about certutil -setreg chain\ChainCacheResyncFiletime @now, and after running that command the computers are now showing that the certificate has been revoked. This one was strange because I was downloading the CRL right on the computers that were showing a valid cert and the cert was listed in there. This was a public cert issued by Network Solutions that they accidentally revoked, but some of our machines (only Windows 7 machines) were still able to access the resources. I had no intention of clearing the cache on each machine; I was just trying to understand why some were showing revoked while others were showing good. Thanks again for the help!!
May 13th, 2012 3:10pm
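
The sequence discussed in this thread, written as a PowerShell script. This is an added example, not code posted by either participant: it records the revocation verdict Windows gives for a certificate, invalidates the cached revocation data with the two certutil commands named above, and checks again. The parameter $CertPath and the function name Get-RevocationVerdict are hypothetical; run it from an elevated prompt.

```powershell
# Added example (not from the thread). $CertPath is a hypothetical path to the
# exported certificate (.cer) whose revocation status is in question.
param(
    [Parameter(Mandatory = $true)]
    [string]$CertPath
)

function Get-RevocationVerdict {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $x509  = 'System.Security.Cryptography.X509Certificates'
    $chain = New-Object "$x509.X509Chain"
    # Online mode may fetch CRL/OCSP data, but still accepts cached data that
    # has not reached its next-update time.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $null = $chain.Build($Cert)

    # Gather the status flags reported for every element of the chain.
    $flags = @($chain.ChainElements |
        ForEach-Object { $_.ChainElementStatus } |
        ForEach-Object { $_.Status })

    $f = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]
    if ($flags -contains $f::Revoked) { return 'Revoked' }
    if (($flags -contains $f::RevocationStatusUnknown) -or
        ($flags -contains $f::OfflineRevocation)) { return 'Unknown' }
    return 'NotRevoked'
}

$path = (Resolve-Path -LiteralPath $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

$before = Get-RevocationVerdict $cert

# Drop cached CRL/OCSP downloads for the current user.
& certutil.exe -urlcache * delete | Out-Null
# Mark all previously cached chain/revocation data as stale.
# '@now' is quoted so PowerShell does not parse it as a splatted variable.
& certutil.exe -setreg chain\ChainCacheResyncFiletime '@now' | Out-Null

$after = Get-RevocationVerdict $cert

[pscustomobject]@{
    Subject      = $cert.Subject
    SerialNumber = $cert.SerialNumber
    Before       = $before
    After        = $after
}
```

A verdict that changes from NotRevoked to Revoked points to stale cached revocation data on that machine. If both values match, repeat the check from a new PowerShell process before concluding the cache was not the cause.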
