import contact signed certificate and root ca

R

RickyVene

Hi,

I've imported the contact certificate ".cer" both signed certificate and
root ca. And still the certificate on the email when clicked is giving me
warning: the certificate revocation list needed to verify the signing
certificate is either unavailable or it has expired.

But the certificates are not expired. How do you make this email
certificate be trusted on the signed email?

Thanks,
Ricky
 
P

Paul Adare

On Fri, 28 Sep 2007 18:36:01 -0700, RickyVene wrote:

> Hi,
>
> I've imported the contact certificate ".cer" both signed certificate and
> root ca. And still the certificate on the email when clicked is giving me
> warning: the certificate revocation list needed to verify the signing
> certificate is either unavailable or it has expired.
>
> But the certificates are not expired. How do you make this email
> certificate be trusted on the signed email?

You need to read the error message again. It isn't complaining that the
certificate is expired, it is complaining that the certificate revocation
list is either expired or unavailable. The fact that you had to install the
root cert would indicate that this is likely an internal PKI and that the
CRL is simply not externally available. Check the certificate for the CDP
URL and see if you can get to it.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Transistor: A sibling, opposite of transbrother.
 
R

RickyVene

My company's internet domain is domain.com but my AD domain is
domain01.local. Is it possible to add the CRL distribution like this
"http://www.domain.com/certutil/cadomain.crl"?

Because documents say "it needs to be FQDN" so I need to add
"http://computerca.domain01.local/certutil/cadomain.crl". If it's like this,
this can't be seen on the internet.

Please clarify and more power, I'm waiting for your second book in PKI to be
published.



Thanks,
Ricky



"Paul Adare" wrote:

> On Fri, 28 Sep 2007 18:36:01 -0700, RickyVene wrote:
>
> > Hi,
> >
> > I've imported the contact certificate ".cer" both signed certificate and
> > root ca. And still the certificate on the email when clicked is giving me
> > warning: the certificate revocation list needed to verify the signing
> > certificate is either unavailable or it has expired.
> >
> > But the certificates are not expired. How do you make this email
> > certificate be trusted on the signed email?
>
> You need to read the error message again. It isn't complaining that the
> certificate is expired, it is complaining that the certificate revocation
> list is either expired or unavailable. The fact that you had to install the
> root cert would indicate that this is likely an internal PKI and that the
> CRL is simply not externally available. Check the certificate for the CDP
> URL and see if you can get to it.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Transistor: A sibling, opposite of transbrother.
>
 
You must log in or register to reply here.

Similar threads

G
Question about PKI and Subordinate Authority Certificate
Replies
0
Views
57
Gustavo Garcia5
G
A
An invalid [self-signed] CA certificate exists on Windows 10 Pro, but PowerShell/certmgr.msc/certutil.exe tools can't find it so it can be deleted.
Replies
0
Views
88
arinbiorn
A
S
Trusted Publisher - Code Signing Certificate
Replies
0
Views
136
Steven Bl.
S
K
Error enrolling certificates from our Enterprise Root CA - Some Servers and Some Certificates only
Replies
0
Views
172
KayZerSoze
K
M
Weird certificate (XBL Client IPsec Issuing CA) found in my certificate store
Replies
0
Views
724
MaijaMeika_947
M
Back
Top Bottom