Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

User receives “the certificate revocation list server could not be reached” message when they click the reset password link at the logon screen, but not when they browse to the reset page when logged in.

User is not connected to the internet at the logon screen.

Possible solution

You can use one of the following three options below to solve this issue:

  1. Add a new rule to your proxy that allows “domain computers” to reach the CRL servers on the internet. The rule will look similar to the example below:
    Source: internal network
    Destination: IP address of CRL server
    Port: 80
    Access Group: “Domain Computers”
  1. Disable the CRL check on the client.
    Note: This will disable CRL checking on all certificates. If you visit a site that had its certificate revoked, this would allow the creation of a secure connection, unless the certificate had expired.
  1. If you have an internal Certificate Authority system, use an internal certificate, instead of a public certificate.
    Note: A public certificate is a good choice if you plan on allowing users to reset their passwords externally.

June 20, 2018

Was this article helpful?

Related Articles