When attempting to connect to the self service site using the SPE/GINA, you may experience one of the following errors:
"INET Error code 0x800c0019L. The Secure Sockets Layer (SSL) certificate is invalid"
"The page navigation is cancelled because the attempt to use SSL has failed."
This issue may be caused when the client PC hosting the SPE/GINA is unable to contact the certificate revocation list (CRL) server.
This issue may be caused by the client PC hosting the SPE/GINA not having a trust with the certificate authority
Correct the certificate issues or replace the certificate with one that is less restrictive.
Although this is a native Windows issue and outside the scope of Password Manager, it is possible to work around this issue by disabling the certificate check within the registry of the client hosting the SPE/GINA:
In the registry, the CRL check is located here for the default user:
It is a DWORD value called CertificateRevocation, located in:
Set it to 0 to disable CertificateRevocation check. If the value does not exist create it manually.
Although this is a native Windows issue and outside the scope of Password Manager, it is possible to work around this issue by installing the certificate on the client hosting the SPE/GINA:
In the most cases it is required to check certificate revocation list, but for some reason it is not possible.
In this case IE component returns an error and does not allow us to navigate to the web page.
When you disable certificate revocation check, IE does not block navigation and we successfully display user web site.
If there is a concern that this is a security concern make sure the service that is running certificate revocation list must be in good running condition and available from system account on SPE machine.