Normally, a Windows Server 2003 CA will always check revocation on all certificates in the PKI hierarchy (except the root CA certificate) before issuing an end-entity certificate.
You have imported the CA root certificate to the Lync Edge server, and you can see its details in the certificate store under Trusted Root CA.
You generated the certificate for the internal interface, had it signed, and then assigned it. You got the error message
There are two ways to resolve this error:
- Recommended: Modify your CA configuration to include an HTTP CRL publishing point, publish the CRL to this location, and request a new certificate for the internal Lync server with this new CRL location. Make sure that the Edge server can download the CRL from this location.
- Disable CRL checking on the Edge server. By doing this, you configure the system to no longer check CRLs for certificate revocation. While this is not a recommended practice from a security perspective, it will work.
Or you can try disabling it in the IE advanced properties (the "Check for publisher's certificate revocation" option), then reboot the server and see whether it has any effect on Lync.
Another way to disable this feature is to run the following command on the CA and then restart the CA service:
certutil -setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
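
For the recommended option, the reissued certificate should list an HTTP CRL location that the Edge server can actually fetch. The following PowerShell check is an added example, not part of the original post; the certificate path is a hypothetical placeholder, and it assumes PowerShell 3.0 or later and English-language certutil output.

```powershell
# Added example: run on the Edge server against the exported internal certificate.
# Assumption: C:\Temp\edge-internal.cer is a hypothetical path; pass your own.
param([string]$CertPath = 'C:\Temp\edge-internal.cer')

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath

# CRL Distribution Points extension (OID 2.5.29.31).
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) { throw "No CRL Distribution Points extension in $CertPath" }

# Format($true) renders the extension as text with one "URL=..." entry per location.
$urls = [regex]::Matches($cdp.Format($true), 'URL=([^\s()]+)') |
    ForEach-Object { $_.Groups[1].Value } | Select-Object -Unique

$httpUrls = @($urls | Where-Object { $_ -match '^https?://' })
$urls | Where-Object { $_ -notmatch '^https?://' } |
    ForEach-Object { Write-Host "Not tested (non-HTTP): $_" }
if ($httpUrls.Count -eq 0) {
    Write-Warning 'Certificate lists no HTTP CRL location; it was issued before the CA change.'
}

foreach ($url in $httpUrls) {
    $tmp = Join-Path $env:TEMP ([IO.Path]::GetRandomFileName() + '.crl')
    try {
        # Download from this machine, so firewall and proxy rules are exercised too.
        Invoke-WebRequest -Uri $url -OutFile $tmp -UseBasicParsing -ErrorAction Stop
        # certutil -dump parses the file; a valid CRL prints a NextUpdate line.
        $next = certutil -dump $tmp | Select-String 'NextUpdate'
        if ($next) { Write-Host "OK   $url  $($next.Line.Trim())" }
        else       { Write-Warning "Downloaded $url but it does not parse as a CRL" }
    }
    catch {
        Write-Warning "FAIL $url  $($_.Exception.Message)"
    }
    finally {
        Remove-Item $tmp -ErrorAction SilentlyContinue
    }
}

# Full chain validation with URL retrieval, as the revocation check itself would do it.
certutil -verify -urlfetch $CertPath
```

A `FAIL` line or the "no HTTP CRL location" warning means the CA publishing change or the certificate reissue has not taken effect for this certificate.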