When attempting to view the PMUser site on a DMZ host, a web browser shows the following error:
This site can't provide a secure connection.
The PMUser site on the Password Manager Service host functions as expected.
If an SSL certificate has a CRL specified, then the host which is using that certificate must be able to download that CRL in order for the certificate to be used. This is required and there is no workaround.
Examine the server certificate as well as any intermediate and root certificates in the chain. Any CRL files which are specified in any CRL Distribution Points in any certificates must be accessible from the machine hosting the PMUser site.
To test access, copy the full URI of the CRL file from the certificate and paste it into a browser window running on the PMUser host. This should prompt to download a text file with a .CRL extension. If not, networking settings must be corrected to allow the necessary access.