KB ID 0001144
Problem
Sometimes the services on your CA server will stop and complain about not being able to see your CRL, and some times the service will just refuse to start with the following error;
The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE).
Solution
OK the way to fix this permanently is to fix your CRL and make sure it’s setup properly, a CRL has been published and is in date, and the CA server can see it.
Windows Certificate Services – Setting up a CRL
That might take a while, in the mean time, the way to get the services up and issuing is to temporarily stop the CA server checking for CRL services. Open an administrative command window and issue the following command;
[box]
Certutil -setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
[/box]
You will need to restart the certificate services.
[box]
net stop certsvc
net start certsvc
[/box]
Once your CRL problem is resolved you can re-enable CRL checking with the following command;
[box]
Certutil –setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFL
[/box]
Related Articles, References, Credits, or External Links
NA
Thanks, after many many articles, this was the one I needed!
Glad to Help 🙂
short & perfect, thanks!