Occasionally, Exchange Server 2010 admins may encounter the following error when attempting to import a certificate or complete a certificate request:
The certificate status could not be determined because the revocation check failed
This error is thrown when your Exchange server is unable to connect outward to the appropriate certificate authority’s certificate revocation list (CRL.) Microsoft’s KB article talks about mislaid proxy settings, but it can really be caused by almost any misconfiguration of network settings that keeps the server off the Internet. If you’re not using a proxy, check these common culprits using IPCONFIG /ALL:
- DNS Client Settings
- Default Gateway
- Subnet Mask
In general, if the server can get on the Internet it can get to the CRL. If you are still getting this error and can’t get on the Internet after checking the proxy and these additional settings, make sure your environment’s firewall is allowing traffic outbound from the Exchange Server to the outside world.