Hi to all,

I'm trying to implement smart card logon with 3rd party CA.
Im use guides "Advanced certificate enrollment and managment" and articles
281245, 291010 and 295663.
I do all the steps correctly, i issued a certificate for the domain server,
put the CA in the NTAUTH and publish the certificate in the domain server.
Finally I issued a client smart card certificate with the UPN and other
necessary fields.
When I tried to access with the smart card in windows i get an error
message, saying that the revocation status of the certificate could not been
check.

If I run the utility certutil -checksc i get an error message saying that
the revocation server is offline.

Can anyone help me?
Sorry for my bad english.
I can send certificates that i using for the test.
Thanks a lot.

Hi,

Can you open up user certificate and click on Details tab. Here look for CRL
Distribution Points and see what they are...

Here is example of Verisign CRL ... URL=http://crl.verisign.com/class1.crl

Can you check that these paths work...

--
Mike
Microsoft MVP - Windows Security

"JGRIND" <JGRIND@discussions.microsoft.com> wrote in message
news:7DE28E6F-5529-4258-B538-D2182954B53C@microsoft.com...
> Hi to all,
>
> I'm trying to implement smart card logon with 3rd party CA.
> Im use guides "Advanced certificate enrollment and managment" and articles
> 281245, 291010 and 295663.
> I do all the steps correctly, i issued a certificate for the domain
> server,
> put the CA in the NTAUTH and publish the certificate in the domain server.
> Finally I issued a client smart card certificate with the UPN and other
> necessary fields.
> When I tried to access with the smart card in windows i get an error
> message, saying that the revocation status of the certificate could not
> been
> check.
>
> If I run the utility certutil -checksc i get an error message saying that
> the revocation server is offline.
>
> Can anyone help me?
> Sorry for my bad english.
> I can send certificates that i using for the test.
> Thanks a lot.