Wednesday, June 2, 2010

Exchange 2010 – 3rd party Certificate status “The certificate status could not be determined because the revocation check failed”

 

After installing the 3rd Party certificate for Exchange 2010, the certificate status of the installed certificate listed:

“The certificate status could not be determined because the revocation check failed”

Cause:

This occurs when the Exchange server reaches the Internet through a proxy.

Exchange 2010 uses WinHTTP to determine the validity of a certificate. WinHTTP uses the Web Proxy Auto-Discovery Protocol (WPAD), so it's possible that WinHTTP is not configured with all or any of the proxy settings listed in Internet Explorer. To determine which settings the Exchange 2010 server is using, you can run a NETSH command to check them and then set them accordingly.

To Check WinHTTP Proxy settings:

netsh winhttp show proxy

Resolution:

Set the correct proxy settings for winhttp:

Log in to the command shell with elevated permissions (“Run as Administrator”):

netsh winhttp set proxy proxy-server="http=myproxy:80;https=sproxy:80" bypass-list="*.contoso.com"

Note:  Replace myproxy and sproxy with the name or IP of your own proxy server, and be sure to specify ports.  The bypass section is optional.

Following execution, open the Exchange Server 2010 Management Console and refresh Server Configuration > Exchange Certificates. The certificate should now have a status of “The certificate is valid for Exchange Server Usage”.
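
To see which URLs the revocation check actually has to reach through the proxy, the following added example (not part of the original post) lists the certificates Exchange still flags and prints their CRL and OCSP locations. It assumes it is run in an elevated Exchange Management Shell on the affected server and that the certificates live in the local machine's Personal store.

```powershell
# Added example: run in an elevated Exchange Management Shell on the server.

# 1. Show the proxy WinHTTP is currently configured to use.
netsh winhttp show proxy

# 2. Find certificates whose revocation check failed.
#    Status is compared as a string so it also works on remoting-deserialized objects.
$failed = Get-ExchangeCertificate |
    Where-Object { "$($_.Status)" -eq 'RevocationCheckFailure' }

if (-not $failed) {
    "No certificates report RevocationCheckFailure."
}

# Extensions that tell Windows where to fetch revocation data:
#   2.5.29.31         = CRL Distribution Points
#   1.3.6.1.5.5.7.1.1 = Authority Information Access (OCSP, CA issuers)
$oids = '2.5.29.31', '1.3.6.1.5.5.7.1.1'

foreach ($c in $failed) {
    # Re-read the certificate from the local store to get a live object
    # with its extensions (assumes the LocalMachine\My store).
    $cert = Get-Item "Cert:\LocalMachine\My\$($c.Thumbprint)"

    "Thumbprint : $($cert.Thumbprint)"
    "Subject    : $($cert.Subject)"
    "Expires    : $($cert.NotAfter)"

    # 3. Print the URLs the proxy must allow for this certificate.
    $cert.Extensions |
        Where-Object { $oids -contains $_.Oid.Value } |
        ForEach-Object {
            "--- $($_.Oid.FriendlyName) ---"
            $_.Format($true)
        }
}
```

If a certificate is still listed after the proxy is set, compare the printed host names with the proxy's allow rules and with the WinHTTP bypass list: an external CRL or OCSP host that matches the bypass list will be contacted directly instead of through the proxy.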
