CRL Checking
I have a customer that is using a commercial application. That application's vendor has provided me and the customer with a self-signed certificate. My client application to this customer's application is having a connection issue. I see the same connection issues when using curl to the customer's endpoint.
C:\Users\A-STAFFRX>curl "https://ua00991d.---.com:18124/"
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
If I load the customer's certificate in 'trusted root certification' I get this.
C:\Users\A-STAFFRX>curl "https://ua00991d.---.com:18124/"
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
These are the same responses I get when I try to connect to the customer's application from my C# client.
- Can you provide some information about certificates and CRLs and how this is supposed to be configured?
- How are CRLs supposed to be managed when using self-signed certificates?
- Does the owner of this certificate need to be using a CA instead of self-signing the certificate?
- Could there be some configuration on my 2016 Windows server that is preventing this connection or not allowing some needed services to operate on this certificate or a CRL? The support staff of the commercial application states that other servers connect to their service just fine with the same connection source we are using.