Forum Discussion

Deleted's avatar
Deleted
Feb 27, 2018

Verification of SSL-Certificate without internet connection

Hi Community!

I'm currently facing an issue with a webapplication and ssl-certificates.

The Scenario is that we have a web-Application for the Intranet hosted by an IIS. Due to security reasons the server has no internet connection and cannot validate the SSL certificate.

I tried nearly everything to disable the CRL and OCP, but I constantly get errors in the event log stating that the ssl-valdiation failed. I looked a lot in the capi2 log but I can't find out why the CRL / OCP is still active.

My question is: How do you handle SSL-Certificates on a server that is not internet-connected? Are there any best practices or good blog articles? I couldn't find any articles for my specific Problem.

 

The only solution I have left is to configure the proxy-server for the app-pool account as this account seems to be validating the cert. Would you consider this a good practice?

Resources