Outlook - Certificate has been revoked

Brass Contributor

Hi all,

 

not sure if anyone has experienced it, but we are getting tthis error multiple times a day when using outlook.

It says :

 

Outlook.office365.com

Information you Exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.

The security certificate for this site has been revoked,

This site should not be trusted,

 

If we dont click OK, outlook cannot send or receive emails. Sometime this window is hidden behind and therefor are not aware of it during the day.

 

if we click view certificate, it looks legit and everything seems to be ok. If enter OWA, we get same certificate(according to thumbprint), but there is no warning or error,

 

We have created a case with Exchange online team, but they say there are no error from their side and its internal network issue.

We have cleared certificate revoke list from our DNS servers without any help.

Any ideas on how to troubleshoot this further?

 

We use Outlook 2016 with latest updates and have all mailboxes in Exchange online.

I only have my archive mailbox attached to my outlook,

 

Thanks!

40 Replies

Our case is also still open (REG:117052315783924). Not getting closer to a solution yet unfortunately. They keep asking for traces we cannot give as the issue can't be reproduced on demand. In the mean time I've supplied some dump files, but that didn't bring us any closer as well it seems... I'll update when we get more news from MS.

any news with this

Anyone found a solution for this issue. Microsoft support is of no help.

Update to Outlook 2016, if u already have it, do a online repair

Unfortunately not. MS was able to reproduce against our environment once, but hasn't occurred since. I haven't had the revoked popup since a month, so it might be that is has been resolved in an update. Are you still getting it with Outlook 2016 updated to the latest version?


@Javier Garcia wrote:

Opened a 2nd ticket for Outlook since MS support always points fingers back and forth (117052515798731). Still getting no where and they've already quit trying to try and support the ticket since we are unable to reproduce the issue on command.

 

Note, we have tried applying the "workarounds" by suppressing the prompt in IE and Outlook (HKCU\software\policies\microsoft\office\16.0\outlook\security\usecrlchasing Value=2) but still doesn't seem to work. 

 

Only solution so far is to roll people back to Office 2013. 


@Javier I got word you closed the case because you find the issue to be related to your reverse proxy, is this correct?


@Hap wrote:

@Javier Garcia wrote:

Opened a 2nd ticket for Outlook since MS support always points fingers back and forth (117052515798731). Still getting no where and they've already quit trying to try and support the ticket since we are unable to reproduce the issue on command.

 

Note, we have tried applying the "workarounds" by suppressing the prompt in IE and Outlook (HKCU\software\policies\microsoft\office\16.0\outlook\security\usecrlchasing Value=2) but still doesn't seem to work. 

 

Only solution so far is to roll people back to Office 2013. 


@Javier I got word you closed the case because you find the issue to be related to your reverse proxy, is this correct?


Thank you for the response. we opened a case and worked with MS support on the issue and they recommended  bypassing autodiscover by modifying the registry keys, however issue still persists. Issue only affects a couple of users. Will check to make sure they have the latest Office 2016 updates

and alos run an online full repair. We prefer not to downgrade to Office 2013.

Was resolution ever identified for this problem? I have the exact same issue with the exact same certificate.  I opened a case with Microsoft support but they have not been any help so far. 

 

No changes have been made to our network, the CRL isn't being blocked by anything, it doesn't contain the serial number of the certificate in question and the problem is intermittent.


@Jeffrey Baltezegar wrote:

Was resolution ever identified for this problem? I have the exact same issue with the exact same certificate.  I opened a case with Microsoft support but they have not been any help so far. 

 

No changes have been made to our network, the CRL isn't being blocked by anything, it doesn't contain the serial number of the certificate in question and the problem is intermittent.


Hello Jeffrey,

We have a case open with Microsoft, they requested for logs and they have escalated it, so far its a waiting game. Not sure of others.

Unfortunately the cause was never found. MS was able to reproduce it twice on their end but didn't get the required logging. After that it didn't occur anymore.

 

As we didn't change anything on our end, I had a suspicion they fixed it silently in one of their updates recently. Have you tried updating Outlook to the latest update?

Thank you for the response.  

 

I'll test updates to see if that helps.

Thanks for your update.  Are you seeing this problem intermittently as well?  I haven't been able to generate the message on-demand.

 

I had to call Microsoft twice yesterday just to get them to call back. When they did, the support "engineer" finally sounded as though she was taking this issue seriously.

 

I also contacted DigiCert support, who confirmed that the certificate is not revoked.


@Jeffrey Baltezegar wrote:

Thanks for your update.  Are you seeing this problem intermittently as well?  I haven't been able to generate the message on-demand.

 

I had to call Microsoft twice yesterday just to get them to call back. When they did, the support "engineer" finally sounded as though she was taking this issue seriously.

 

I also contacted DigiCert support, who confirmed that the certificate is not revoked.


Yes it was very intermittent. Sometimes every day and then not for a few weeks. I haven't had the error in more than two months now. Our casenr was 117052315783924, you can refer to that if you wish.

 

PS I just realized you didn't ask me but Jane. In any case extra info supplied.

Thank you for the info, I'm sure it will help out to have an established case for them to reference.

Was it solved after updates?

No it wasn't, we narrowed down the issue to be on the ISP side MTU size. Our clients that were affected both have the same internet service provider they made changes on their end and the issue has been resolved.

 

I keep getting the message outlook. Office365.Com has had its security certificate revoked. Is this true? What action should I take?

Just to add to my previous message I have now viewed the certificate and clicked on the tab titled Certification Path. This says: this certificate is okay.

Does that mean there is actually no problem and this is just a glitch?

July 2021 - We got this across few personal and work computers few minutes ago. Various locations, same business.
September 2022 and it's still happening.

Here's some relevant information from the certificate that Outlook reports revoked:
```
SHA256 Fingerprint=D8:41:79:5B:EB:73:BB:7C:9E:78:A3:71:3E:3A:F6:E1:A5:06:E8:6A:00:B9:52:35:A0:E4:53:04:AC:C6:B6:9F
SHA1 Fingerprint=F7:DA:87:B0:B5:8B:2A:2E:EC:38:6E:C7:A6:0A:B1:4D:5A:60:A4:99

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:12:dc:89:55:82:1d:6d:93:6b:cf:34:e5:0f:60:c5
Issuer: C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
Validity
Not Before: Jul 26 00:00:00 2022 GMT
Not After : Jul 25 23:59:59 2023 GMT
Subject: C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:*.clo.footprintdns.com, DNS:*.hotmail.com, DNS:*.internal.outlook.com, DNS:*.live.com, DNS:*.nrb.footprintdns.com, DNS:*.office.com, DNS:*.office365.com, DNS:*.outlook.com, DNS:*.outlook.office365.com, DNS:attachment.outlook.live.net, DNS:attachment.outlook.office.net, DNS:attachment.outlook.officeppe.net, DNS:attachments.office.net, DNS:attachments-sdf.office.net, DNS:ccs.login.microsoftonline.com, DNS:ccs-sdf.login.microsoftonline.com, DNS:hotmail.com, DNS:mail.services.live.com, DNS:office365.com, DNS:outlook.com, DNS:outlook.office.com, DNS:substrate.office.com, DNS:substrate-sdf.office.com
```
Testing this certificate via https://certificate.revocationcheck.com/check shows that it is *not* revoked.

I started experiencing this problem a couple of weeks ago and about once a couple of days Outlook pops up this warning.

There is clearly a bug in one of `outlook.exe`'s components that it's misidentifying this certificate as revoked. One would hope that Microsoft would look into this, but given how long this has been going on, seems that there's a low chance of that happening.