Skip to main content

Troubleshooting

Sometimes, the receiver has difficulty opening the encrypted message. Common sources of problems are:

  • untrusted root CAs
  • intermediate CAs that can't be validated
  • CRLs that are not available or accessible

Untrusted CAs

In case you have untrusted root or intermediate CAs, verify the certificate chain and import/distribute the required CA certificates.

Verify Certificate Revocation List Chain

A certificate is by default invalid if the CRL (Delta-CRL) verification fails. This can happen due to:

  • CRL not retrievable (e.g. wrong configuration or CRL server not reachable)
  • CRL or Delta-CRL not renewed/updated within the defined time frame

Check if you can retrieve the CRL from the URL indicated in the known URL or the certificate itself with the following:

certutil -urlfetch -verify <FilenameOfCertificate> or 
certutil -URL <URL or FilenameOfCertificate>
Get started withCloudHSM for free.
Other questions?Ask Sales.
Last updated on
Feedback
Need help?