GoDaddy SSL and Exchange 2013, can't find CRL
-
Something odd going on here. I think it's actually on GoDaddy's end, but I'm not 100% sure, so figured I'd come ask before talking to their "Not my problem shield." Management wants to keep everything local, that battle has been fought already.
Certificate checks out just fine, but can't find the Certificate Revocation List. Wouldn't normally be an issue, but this causes their client (Outlook 2013) to throw lots of security errors. Also, GoDaddy's own verification tool complains about the CRL not being available: https://certificate.revocationcheck.com/exchange2013.cascadefa.com "We can't download CRLs from internal servers" Well duh, we can't either!
I'm not out in left field thinking this is something wrong on GoDaddy's end am I?
I'll also note that the 2013 is just a middle ground between Exchange 2007 and 2016. I don't figure a 2016 will be able to find a CRL that only appears to exist on a private IP address either, for some odd reason.
-
Did you install the GoDaddy intermediate certs and all?
-
@jaredbusch said in GoDaddy SSL and Exchange 2013, can't find CRL:
Did you install the GoDaddy intermediate certs and all?
Hrm, I might have skipped the intermediate. I'll kick myself hard if that ends up being the issue.
-
I would still contact Godaddy Support ln this one, the CRL cannot even be downloaded from here either.
When I used Digicert they had a certificate utility that would check if proxies or firewall are blocking access to CRLs.
-
The CRL isn't dependent on intermediate certs. All certs have a CRL listed.
Can you get to the CRL via web browser?
-
If your internet connectivity is good, and CRL can't be contacted, it's on them.
-
@tim_g That's what is happening
-
@tim_g said in GoDaddy SSL and Exchange 2013, can't find CRL:
The CRL isn't dependent on intermediate certs. All certs have a CRL listed.
Can you get to the CRL via web browser?
Nope. They're preferred verification page also can't find the CRL if you look at https://certificate.revocationcheck.com/exchange2013.cascadefa.com
Thanks @dbeato and @Tim_G. Guess I get to look forward to a friendly conversation with their "Not my problem shield" tech support Tuesday.
-
That's weird. When I click on the CRL link, it prompts me to download it. So it's definitely available via the internet and appears to be working.
Definitely call them. Good luck!
-
@tim_g said in GoDaddy SSL and Exchange 2013, can't find CRL:
That's weird. When I click on the CRL link, it prompts me to download it. So it's definitely available via the internet and appears to be working.
Definitely call them. Good luck!
Yeah, such an oddball thing.
-
Ever get this fixed?
-
@jt1001001 said in GoDaddy SSL and Exchange 2013, can't find CRL:
Ever get this fixed?
Working on it later today. It's got to be something with their CRL list not being right, because we can download the file, but nothing can actually read the thing.
-
@travisdh1 Was this fixed yet?
-
@dbeato said in GoDaddy SSL and Exchange 2013, can't find CRL:
@travisdh1 Was this fixed yet?
He's working on it right now.
-
@scottalanmiller I see good luck
-
I'm not sure what was going on with this one. The Exchange 2013 server is shut down now tho. We're grabbing the last cert we need for 2016 now, and hope to be done with it.
I'm blaming it on "reasons".
-
@travisdh1 Sometimes you never know!
