I'm setting up a new Public Key Infrastructure (PKI) with a Root CA and a Subordinate CA, but I'm running into an issue where the Certificate Services on the Subordinate CA are stopped and won't start. The error message I'm getting is: 'The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE).' Has anyone else faced this problem or know what might need to be updated to fix it?
1 Answer
Make sure the Sub CA certificate you got from your Root CA has a CRL location that’s reachable. If it's set to the default, it might be pointing to your offline Root CA, which the Subordinate won't have access to. You should publish the CA CRL to a location that your online Sub CA can connect to.
How do I check that CRL information?