Channel: Internet Explorer 8, 9, 10 Forum

Inaccurate Certificate Revocation notice

My apologies if this post is in the wrong forum.

We have been experiencing problems with our website where users are inaccurately being prevented from accessing it due to certificate revocation. IE and Chrome both claim the cert is revoked. What's odd about this is that in our domain we do not have AD CS installed - only local certs. Nothing fancy. In addition, our website is not even hosted within our domain. Rather, it exists external to our entire infrastructure. This should rule out any internal certificate enrollment/revocation issues. But nonetheless we are unable to access the secure portion of the site - unless we manually disable the IE advanced security option "Check for server certificate revocation". This workaround seems undesirable. Do you concur?

The cert is certainly valid and issued by GoDaddy Class 2 Certificate Authority. The site cert itself is valid. I've installed the latest Root CA updates from MS (kb931125). There are a few certificate-related items in group policy applied to domain computers, but these have always been in place and have not changed recently (to my knowledge), and none of them seem to be related to this issue; removing all applicable group policy does not resolve the issue. In any case, I'm including the cert-related items below just for good measure.

Any help would be greatly appreciated.

-------------------------------------------------------------------------------------------
Data collected on: 12/19/2012 12:23:45

Computer Configuration Summary
Last time Group Policy was processed 12/19/2012 12:04:32

\/\/\/\/\/\/\/\/\/\/\/\/\/

Public Key Policies/Certificate Services Client - Auto-Enrollment Settings
Policy | Setting | Winning GPO
Automatic certificate management | Enabled | [Default setting]
Option | Setting
Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificates | Disabled
Update and manage certificates that use certificate templates from Active Directory | Disabled

Public Key Policies/Certificate Path Validation Settings/Stores
Policy | Setting | Winning GPO
Allow user trusted root Certificate Authorities (CAs) to be used to validate certificates | Enabled | TopLvlGPO
Allow users to trust peer trust certificates | Enabled | TopLvlGPO
Peer trust certificate purposes: | Client Authentication; Secure Email; Encrypting File System | TopLvlGPO
Root CAs that client computers can trust: | Third-Party Root Certification Authorities and Enterprise Root Certification Authorities | TopLvlGPO
For certificate-based authentication of users and computers, along with CAs that are registered in Active Directory, the client computer must use should also use user principal name (UPN) constraint compliant CAs | Disabled | TopLvlGPO

Public Key Policies/Certificate Path Validation Settings/Trusted Publishers
Policy | Setting | Winning GPO
Trusted Publishers can be managed by: | All administrators and users | TopLvlGPO
Verify that certificate is not revoked when adding | Disabled | TopLvlGPO
Verify that certificate has a valid time stamp when adding | Disabled | TopLvlGPO

Public Key Policies/Trusted Root Certification Authorities
Properties
Winning GPO | TopLvlGPO
Policy | Setting
Allow users to select new root certification authorities (CAs) to trust | Enabled
Client computers can trust the following certificate stores | Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
To perform certificate-based authentication of users and computers, CAs must meet the following criteria | Registered in Active Directory only

-------------------------------------------------------------------------------------------


