Here is the story: I was building a lab so I could test Domain Secure connections between Exchange 2010 orgs. I issued a cert to both servers from a CA in domain 1 and imported the CA root cert into the trusted roots of both servers. Then, when I tried to activate services or use MTLS on my connectors, I got the following error:
The Certificate Status Could not be determined Because the revocation check failed
Here are the steps I took (with some help) to get my servers talking and CRL checking working.
- Verify that a CRL URL is published
- Re-issue cert if needed
- certutil -urlcache crl delete
- certutil -urlcache ocsp delete
- certutil -verify -urlfetch C:\foobar2.cer
- certutil -setreg chain\chaincacheresyncfiletime @now
- certutil -setreg chain\chaincacheresyncfiletime @now+3
Note: I finally found that I had an issue with my TMG server when routing across it (even though it was supposed to not be filtered).
I moved my VMs to the same network (i.e. both on 192.168.10.x) and then I was able to get it working…
I still need to figure out why TMG was breaking it. Conversely, I did get it working with ISA 2006 without issue. I will update this post when I figure out the issue with TMG.
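An added example (not part of the original post): a PowerShell script that checks whether the certificate publishes a CRL URL, tries to download each HTTP CRL from this server, and then builds the chain with online revocation checking. The path is the one from the certutil command above; run it on the Exchange server itself so that a filtering device in the network path, like the TMG issue in the note, shows up as a FAIL line.

```powershell
# Added example. Path taken from the post's certutil command; change as needed.
$certPath = 'C:\foobar2.cer'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# Step 1: is a CRL URL published? CRL Distribution Points is extension OID 2.5.29.31.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) {
    Write-Warning 'No CRL Distribution Points extension found; the cert needs to be re-issued with one.'
    return
}

# Format($true) renders the extension as text with one "URL=..." entry per distribution point.
$urls = [regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
    ForEach-Object { $_.Groups[1].Value } | Select-Object -Unique

# Step 2: can this server actually fetch each HTTP CRL?
# Note: WebClient uses the current user's proxy settings, which may differ from
# those of the service account doing the real revocation check.
foreach ($u in $urls) {
    if ($u -notmatch '^https?://') {
        Write-Output "SKIP  $u (not HTTP; use certutil -verify -urlfetch for this one)"
        continue
    }
    try {
        $bytes = (New-Object System.Net.WebClient).DownloadData($u)
        Write-Output ("OK    {0} ({1} bytes)" -f $u, $bytes.Length)
    } catch {
        Write-Output ("FAIL  {0} : {1}" -f $u, $_.Exception.Message)
    }
}

# Step 3: build the chain with online revocation checking for every element.
$x509 = 'System.Security.Cryptography.X509Certificates'
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = [Enum]::Parse([type]"$x509.X509RevocationMode", 'Online')
$chain.ChainPolicy.RevocationFlag = [Enum]::Parse([type]"$x509.X509RevocationFlag", 'EntireChain')
$ok = $chain.Build($cert)
Write-Output "Chain valid with online revocation: $ok"

# RevocationStatusUnknown / OfflineRevocation here correspond to the
# "revocation check failed" error quoted above.
$chain.ChainStatus | ForEach-Object {
    Write-Output ("  {0}: {1}" -f $_.Status, $_.StatusInformation.Trim())
}
```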