This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 81%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET7%3C/text%3E%3C/svg%3E)
Software is Motorola Irrinet PRO
Using IIS Internet Information Services to allow for remote access
Software can generate and send email via services such as GMail
Worked on previous computer which was 32 bit windows 7.
Current computer is 64 bit Windows 10.
Exact message displayed when trying to send email is as follows.
An error ocurred while attempting to establish an SSL or TLS connection.
The server's certificate could not be validated for the following reasons:
The server certificate has the following errors:
The revocation function was unable to check revocation for the certificate.
Certificate seems to be present.
Inbound traffic works as expected.
How do we check this CRL?
Is there a tool of way to test these?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 70%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
Hi Tony,
There is a good article here about that - https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/basic-crl-checking-with-certutil/1128367
But in essence you would need to query the certificate. You can do this in a browser or if you have the certificate locally. Then you will need to look for the CRL End Points. After you've located those you can use the certutil in powershell to query and check that you are able to download.
For example with the ms learn site.
certutil -URL http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20ECC%20TLS%20Issuing%20CA%2007.crl
This window will pop up and you can press Retrieve you'll then get a status of OK if it worked.
Thanks for the help.
We found and used this command, certutil –urlcache CRL and we see a list of certificates, but the one for the application is not there.
In IIS manager it shows it as valid, but it is not on the CRL.
We tried to use the automatic rebind function and we get a `process creation is blocked response.
Also disables all the firewalls with no change.
It appears the certificate was never uploaded?
We also found another document directing to use the MMC and adding Certificates snap in.
The needed certificate is there and valid, but it is not in the CRL.
How do we get it into the crl?
In troubleshooting we created additional problems that crashed some working parts of the system.
Replaced the drive with the backup drive, this was a recent clone of the working drive, so it was ASSUMED it would be same, the problem we were working on was not tested prior to the cloning.
The backup drive corrected the problem, thanks all for the suggestions, it seems something in Windows crashed and the normal processes were not able to identify the issue.
Will clone the working drive to replace the bad one.
ISSUE RESOLVED
Hi Tony,
This may happen if your client isn't able to access the listed CRL or certificate revocation list. When a certificate is issued there is a CRL created in the backend. Client will then download this to make sure a certificate hasn't been revoked.
Who issued the certificate are you able to post a screenshot of the cert? Are you having any external block / is the client updated as some CA lists get sent via updates.