I'm currently facing an issue with a web application and SSL certificates.
The scenario is that we have a web application for the intranet hosted on IIS. For security reasons the server has no internet connection and cannot validate the SSL certificate.
I tried nearly everything to disable CRL and OCSP, but I constantly get errors in the event log stating that the SSL validation failed. I looked a lot in the CAPI2 log, but I can't find out why CRL / OCSP is still active.
My question is: how do you handle SSL certificates on a server that is not internet-connected? Are there any best practices or good blog articles? I couldn't find any articles for my specific problem.
The only solution I have left is to configure the proxy server for the app-pool account, as this account seems to be validating the cert. Would you consider this a good practice?