The certificate is invalid or the revocation could not be verified

Alexander Sergeevich 20 Reputation points
2023-09-22T04:26:17.32+00:00

Hello!

I am issuing a certificate for the Exchange server:

I'm doing...

  1. Create a request for a certificate signed by a certification authority.
  2. I save it in .REQ format.
  3. I log into Active Directory Certificate Services (Microsoft) on my server.
  4. Certificate RequestExtended Certificate Request – Paste the key from the previously saved .REQ file – Web Server Template – Obtain the certnew.cer file
  5. I finish registering the certificate, specify the file certnew.cer - and immediately receive the status Invalid or Failed to check revocation.

Could you tell me please, what could be wrong?

Thank you very much!

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,492 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,604 questions
Microsoft Exchange
Microsoft Exchange
Microsoft messaging and collaboration software.
521 questions
0 comments No comments
{count} votes

Accepted answer
  1. Jarvis Sun-MSFT 10,191 Reputation points Microsoft Vendor
    2023-09-25T06:19:11.3466667+00:00

    Hi @Александр Сергеевич

    Thanks for posting in our Q&A forum.

    The status “Invalid” or “Failed to check revocation” after registering a certificate could be due to several reasons. Here are a few possible causes:

    1. Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP) misconfiguration: If the certificate authority’s CRL or OCSP information is set up incorrectly, or if the Exchange server is unable to access them, it may result in a failed revocation check.
    2. Network connectivity issues: Ensure that your Exchange server has internet connectivity, as it needs to communicate with the certificate authority server to check the certificate’s state.
    3. Server cache: Clearing the cache on the server might help resolve the issue.
    4. Time synchronization: Ensure that the time on your Exchange server is correctly synchronized with a reliable time source.

    Similar issue thread please refer to: https://learn.microsoft.com/en-us/answers/questions/656464/certificate-revocation-check-failed-microsoft-exch


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.