Question
Monday, October 30, 2017 8:36 AM
Hi,
In my environment, we have an Exchange 2016 server. I get a Let's Encrypt certificate from my mail server.
The Exchange server doesn't connect to the internet directly and is published to the internet with a public IP.
After a few days, in ECP I get this error:
Certificate revocation checked failed
I don't have a proxy server in my network.
How can I resolve it? Does the Exchange server always need internet access to get the CRL from Let's Encrypt?
Thanks.
All replies (3)
Tuesday, October 31, 2017 8:03 AM ✅Answered
Hi,
Did you try the steps in the link below?
https://blogs.technet.microsoft.com/bshukla/2012/04/30/certificate-revocation-checked-failed/
If you configure a proxy in the browser, please use the command below to bypass this:
netsh winhttp set proxy proxy-server="http=proxy_name" bypass-list="*.domain_name.com"
Where proxy_name is the name of your proxy server and domain_name.com is the Exchange Server host name.
More details about this issue, for your reference: EMC and certificates with failed revocation checks in Exchange 2010
Regards,
Allen Wang
Friday, November 10, 2017 2:07 AM ✅Answered
Whatever system you are running the web browser on that you are accessing ECP with MUST be able to do CRL checks if the cert on the server is a public cert.
You can access ECP on your Exchange server from a PC that can connect to the Internet and you won't get this error. You probably are accessing ECP from a browser running on the server itself.
Your only 2 choices if you do not want to have ANY internet connectivity are to generate a self-signed certificate and distribute it, or set up MS CS and your own CA and sign a cert from the Exchange server with your own CA. MS CS provides CR services and self-signed certs don't use CRLs. Obviously your clients will need to connect to your CA.
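An added example, not part of the original thread: a PowerShell check, run on the machine whose browser shows the error, that lists the revocation URLs embedded in the certificate and then builds the chain with online revocation checking. The thumbprint is a placeholder, and the LocalMachine\My store location is an assumption.

```powershell
# Added example: run in an elevated PowerShell session on the machine that shows the error.
# $Thumbprint is a placeholder; copy the real value from the certificate details.
$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>'

# Assumption: the certificate is installed in the computer's Personal store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }

# 1. Show where Windows will look for revocation data.
#    2.5.29.31         = CRL Distribution Points
#    1.3.6.1.5.5.7.1.1 = Authority Information Access (OCSP responder, CA issuers)
foreach ($oid in '2.5.29.31', '1.3.6.1.5.5.7.1.1') {
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq $oid }
    if ($ext) { "--- $($ext.Oid.FriendlyName) ---"; $ext.Format($true) }
    else      { "--- extension $oid not present ---" }
}

# 2. Build the chain with online revocation checking; this only succeeds
#    if the URLs printed above are reachable from this machine.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
$valid = $chain.Build($cert)

"Chain valid with online revocation: $valid"
foreach ($status in $chain.ChainStatus) {
    # RevocationStatusUnknown / OfflineRevocation: the CRL or OCSP URL could not be reached.
    "{0}: {1}" -f $status.Status, $status.StatusInformation.Trim()
}

# 3. Show the machine-wide WinHTTP proxy, the setting the netsh command
#    in the first answer changes.
netsh winhttp show proxy
```

If step 2 reports RevocationStatusUnknown or OfflineRevocation, allow outbound HTTP from this machine to the hosts printed in step 1 rather than disabling revocation checking.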
Friday, July 17, 2020 4:20 AM
It works for me. Thank you.