The online responder (OCSP) reports "The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE".

Assume the following scenario:

  • An online responder (OCSP) is configured on the network.
  • OCSP is enabled for a certificate authority and a revocation configuration is set up.
  • The management console for the online responder displays the following status for the revocation configuration:
Type: Microsoft CRL-based revocation status provider.
The revocation provider failed with the current configuration. The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE), 0x80092013

The Online Responder (Online Certificate Status Protocol, OCSP) is an alternative way of providing revocation status information for certificates. Entities that want to check the revocation status of a certificate do not have to download the complete list of all revoked certificates thanks to OCSP, but can make a specific request for the certificate in question to the online responder. For a more detailed description, see the article "Basics Online Responder (Online Certificate Status Protocol, OCSP)„.

In the event log, the event no. 17 of the source Microsoft-Windows-OnlineResponderRevocationProvider is logged.

Cause

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

Occurs when the blacklist server is unreachable over the network, for example because the server is offline, or because the online responder cannot reach it due to a missing firewall rule.

Related links:

en_USEnglish