AUser ZUser
Copper Contributor
Jul 09, 2017
Solved

Problem with connecting to Point-to-Site VPN: the message received was unexpected or badly formatted

Hello, can someone please help me with the following question? I have set up a point-to-site VPN (I should mention I have been dealing with X509 certificates for years). Background: I create...
  • ErnestBrant
    Jul 11, 2017

    Hello AUser

     

    Looking at the issue you described, it occurs to me the VPN client may not be able to access the CDP (certificate revocation distribution point) location (LDAP, CIFS, HTTP) as specified in the CDP extension of the client certificate. Therefore, when the client is validating the certificate, e.g. building the certificate chain (which you said it can do) and then checking the integrity of the chain, it will fail this second element (sometimes performed together) if it cannot reach any of the locations specified in the CDP (or the Authority Information Access extension if using OCSP for revocation checking). Bottom line: if using a certificate issued by a CA, then on the computer with the VPN client installed, use the following command to verify access to the CRL:

    certutil -f -urlfetch -verify [CertificateFile.cer]

    If all the locations in the CDP (LDAP, CIFS, HTTP) fail, then resolve this first.

     

    Please let me know if this fixes your problem,

     

    Ernest Brant
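
Added example, not part of the original thread or of any Microsoft tooling: a PowerShell check that lists the CDP and AIA locations embedded in a client certificate and probes the HTTP ones from the VPN client machine, as a complement to the certutil command in the reply above. It assumes Windows (where `Format()` renders each location as `URL=...`) and uses `.\client.cer` as a placeholder path for the exported client certificate.

```powershell
# Added example: list CDP/AIA URLs in a certificate and probe the HTTP ones.
# $CertPath is a placeholder; point it at the exported client certificate.
param([string]$CertPath = '.\client.cer')

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (Resolve-Path $CertPath).Path

# Extension OIDs: CRL Distribution Points and Authority Information Access
$oids = @{ '2.5.29.31' = 'CDP'; '1.3.6.1.5.5.7.1.1' = 'AIA' }

$results = foreach ($ext in $cert.Extensions) {
    $kind = $oids[$ext.Oid.Value]
    if (-not $kind) { continue }

    # Assumption: Windows formatting, one "URL=<uri>" entry per location
    foreach ($m in [regex]::Matches($ext.Format($true), 'URL=(\S+)')) {
        $url    = $m.Groups[1].Value
        $status = 'not probed (LDAP/file location; check with certutil -urlfetch)'

        if ($url -match '^https?://') {
            try {
                $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10
                $status = "reachable (HTTP $($r.StatusCode), $($r.RawContentLength) bytes)"
            } catch {
                # An HTTP error (typical for a bare GET to an OCSP responder)
                # still shows the host answered; no response means no path to it.
                $resp = $_.Exception.Response
                $status = if ($resp) { "server answered HTTP $([int]$resp.StatusCode)" }
                          else { "UNREACHABLE: $($_.Exception.Message)" }
            }
        }
        [pscustomobject]@{ Extension = $kind; Url = $url; Status = $status }
    }
}

if (-not $results) {
    Write-Warning 'Certificate carries no CDP or AIA URLs; nothing to fetch.'
}
$results | Format-Table -AutoSize -Wrap
```

Run it in the same user and network context as the VPN client, since proxy settings and name resolution can differ between accounts and networks.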
