Configuring Exchange Servers without Internet access - Certificate Revocation List (CRL) and Certificate Authority (CA)

If you're running an Exchange Server, you may have experienced “Exchange services timeout or long wait times for services or applications to start up. This problem occurs when a server has no internet access or occasionally when a server has limited internet access. The cause of this problem is likely related to a routine check of the Certificate Revocation List (CRL) for .NET assemblies.” This post provides some details on how the CRL check affects Exchange Server services and apps and how some registry settings can contribute to the problem (and the solution).

“A CRL is a list of revoked certificates, which is signed by a Certificate Authority (CA) and made freely available at a public distribution point. Each revoked certificate is identified in a CRL by its certificate serial number. When certificate-enabled software (such as Exchange .NET-based services) uses a certificate, Cryptographic Application Programming Interface (CryptoAPI), a Windows sub-system, will check the certificate signature and time validity and will also verify up-to-date certificate status to ensure that the certificate being presented hasn’t been revoked[...],” writes Microsoft.
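One way to see whether these revocation checks can complete from a given server, as an added example that is not from the original post or from Microsoft: the function below reads the signing certificate of each binary in a folder, extracts its CRL distribution point URLs, and times a fetch of each. The function name, its parameters and the usage path are hypothetical; it covers only the signing certificate's HTTP URLs (not the rest of the chain) and assumes the English text rendering of the extension.

```powershell
# Added example: time a fetch of each CRL distribution point (CDP) URL used by
# the certificates that signed the binaries under -Path.
function Test-SignerCrlReachability {
    param(
        [Parameter(Mandatory)] [string] $Path,  # folder of signed binaries (supplied by caller)
        [int] $TimeoutSec = 5                   # per-URL timeout for the probe
    )

    # Collect the distinct signing certificates from the Authenticode signatures.
    $signers = Get-ChildItem -Path $Path -Include *.dll, *.exe -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-AuthenticodeSignature -FilePath $_.FullName).SignerCertificate } |
        Where-Object { $_ } |
        Sort-Object Thumbprint -Unique

    foreach ($cert in $signers) {
        # 2.5.29.31 is the X.509 "CRL Distribution Points" extension.
        $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
        if (-not $cdp) { continue }

        # Format($true) renders the extension as multi-line text; the CDPs are
        # on the "URL=" lines. Only HTTP(S) URLs are probed here.
        $urls = [regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
            ForEach-Object { $_.Groups[1].Value } |
            Where-Object { $_ -like 'http*' }

        foreach ($url in $urls) {
            $timer = [System.Diagnostics.Stopwatch]::StartNew()
            try {
                $null = Invoke-WebRequest -Uri $url -TimeoutSec $TimeoutSec -UseBasicParsing
                $status = 'Reachable'
            } catch {
                $status = 'Failed: ' + $_.Exception.Message
            }
            $timer.Stop()

            # One row per (certificate, URL): long or failed fetches point at
            # the distribution points this server cannot reach.
            [pscustomobject]@{
                Subject = $cert.Subject
                CrlUrl  = $url
                Status  = $status
                Seconds = [math]::Round($timer.Elapsed.TotalSeconds, 1)
            }
        }
    }
}

# Hypothetical usage (replace the placeholder path with the service's binary folder):
# Test-SignerCrlReachability -Path 'C:\Path\To\Binaries' | Format-Table -AutoSize
```

Rows that fail or sit near the timeout identify the distribution points the server cannot reach, which is the condition the post associates with slow service startup.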

Full Article: Configuring Exchange Servers Without Internet Access