Certificate Authority installation fails with the error "Revocation Server is offline"

The error message appears after you click Install during the Certificate Authority (CA) installation process.

Additionally, attempts to access the Certificate Revocation List (CRL) from a web browser fail with a 403 error.

For example, attempts to connect to http://localhost/crl/NESL1CA.crl or http://localhost/crl/NymiInfraRootCA.crl from a web browser display the following page:

Figure 1. HTTP Error 403.4 - Forbidden

Cause

The CRL distribution point configuration for the L1 and L2 certificates use an HTTP URL to fetch certificates but the CRL Virtual Directory setting in IIS is configured to require SSL.

Resolution

To resolve this issue disable the SSL required option for the default web page in IIS Manager on NES.

  1. In IIS Manager, expand the NES server > Sites > Default Web Site.
  2. In the Default Website pane, double-click SSL Settings, and then clear the Require SSL box.
  3. Remove NDES and the Certificate Authority:
    1. In Server Manager, select Manange > Remove Roles and Features. The Remove Roles and Features Wizard opens.
    2. Click Next.
    3. On the Select destination server page, click Next.
    4. On the Remove server roles page, expand Active Directory Certificate Services , clear Network Device Enrollment Service, and then click Next.
    5. On the Remove features page, click Next.
    6. On the Confirmation removal selections page, click Remove.
    7. When the removal completes, click Close.
    8. In Server Manager, select Manange > Remove Roles and Features.
    9. Click Next.
    10. On the Select destination server page, click Next.
    11. On the Remove server roles page, clear Actice Directory Certificate Services.
    12. On the Remove features that require Active Directory Certificate Services, click Remove Features
    13. On the Remove server roles page,ckick Next.
    14. On the Remove Features page, click Next.
    15. On the Confirm removal selections page, click Remove.
    16. When the removal completes, click Close.
    17. Restart the NES machine.
    18. Install AD CS, NDES, and the CA. The Nymi Connected Worker Platform NES Deployment Guide provides more information.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
Share