1

My employer's client side application is failing when initiating ssl connection. It uses wininet and it fails on error 12057, certification revocation server is not available.

Although crl url carried in certificate is available from that machine. When opened in browser, it offers download of crl file.

Any suggestions to possible cause of this error ?

Jan Bohac
  • 65
  • 1
  • 2
  • 12

1 Answers1

1

Is there a proxy system in your company? Could be that the system component tries to go out to the Internet bypassing it (i.e. not reading the proxy.pac file as web browser does for ex). Or, maybe the proxy system is asking for authentication that the involved windows component is not able to answer to.

Xxmusashi
  • 11
  • 1
  • The application uses the same settings as internet explorer, so different setting wont be that case, i believe it will be based on how wininet handles connection. – Jan Bohac Jun 30 '15 at 09:11
  • I remember a couple years ago getting similar issues with this component. The environment was explicit proxy performing authentication. The solution was to white list the destination URL (where the CRL is located) on the proxy. Another option could be to have URL added into PAC file with return DIRECT statement (no proxy) and opening destination IP/range on the Internet facing firewall. But I don't know your network infra so... – Xxmusashi Jun 30 '15 at 09:19
  • Thanks for hint ! It really was block on the proxy, url had to be whitelisted. – Jan Bohac Jan 19 '22 at 07:54