返回
-
标题
Unable to import a certificate from Safeguard with error: "Certificate chain is not trusted. Reason: (OfflineRevocation) The revocation function was unable to check revocation because the revocation server was offline." -
说明
Unable to import certificate into Safeguard with error:
"Certificate chain is not trusted. Reason: (OfflineRevocation) The revocation function was unable to check revocation because the revocation server was offline." or
"Request to https://x.x.x.x/service/core/v2/SslCertificates failed with status code 400 (Bad request)." -
原因
When importing the certificate Safeguard attempts to connect to all the Certificate Revocation List (CRL) points on the imported certificate. If Safeguard is unable to contact to any point, certificate import will fail. -
解决办法
STATUS
Upgrade to Safeguard 2.10 or above. Safeguard 2.10 no longer checks the revocation list when installing the SSL certificate.
WORKAROUND 1There should only be a single HTTP extension in the signed certificate. An LDAP or FILE extension should not be present when importing the certificate to Safeguard. Safeguard should be able to access the HTTP address without requiring authentication or a proxy.
Validate that Safeguard (or a non domain server) can access the CRL points of the certificate. (To view the points of the cert double click on the certificate -> Details -> CRL Distribution Points).
WORKAROUND 2
Remove all the CRL Distribution points when issuing the certificate from the CAFor example when using a Microsoft CA- Navigate to your Microsoft Certificate Authority- Right click your Certificate Authority Sever Name > Properties > Extensions > Ensure CRL is selected- Make a note of the current settings- Untick "Include in the CDP extension of issued certificates" for each extension (e.g. file | http | ldap and c:\windows\system32…)- Click Apply- Regenerate the CSR from Safeguard- Ensure there are no CRL Distribution points within the signed certificate.- Upload the signed certificate to Safeguard.- Revert the CA changes -
变更请求
796288