Revocation server was offline error

I am getting a error called revocation server if offline which I am not able to figure out. I had setup a server which issues ca in the network both on online and offline mode. And the second server is a actually a web server. The SSL certificate for the web server is issued by the CA's parent server. Now the problem here is arising that the web server is rejecting the certificates. So I thought to verify the certificate on the web server and then gives the error message that some revocation function was unable to check revocation because it is offline something like that. What do I should do here. Help needed.

There are multiple reason which can arise the error. I am listing some of few which you can refer and check out from where the problem arises and how to resolve it. The error message is related to certificate validation. Like if you had a message saying that the revocation functions is unable to check the revocation as the server was offline. The main information that this message provides that the revocation server for the certificate is unreachable. In few cases it is an temporary error which is cause due to the malfunctioning of revocation server. You will need to make sure that the revocation server is active. If you had configured you firewall or a proxy server then make sure that your system is configured to traverse the obstacle between the them.

By enabling the PKI at the edge of transport server for domain security can help you out to resolve you issues. Like some actions you can perform. First to configure root certification authorities. It is a self singed CA. Whenever you run a application that depends on authentication of certificate, then each certificate must have a chain that ends in it to the trusted root container of the local computer. To send a proper domain secured mail you will need to validate the server to receive certificates. In the same manner when the mail goes to any organization the server must be enough capable to validate the certificate.

For your problem you can use a third party root certification authorities which are in built in windows. It you are enough sure about the the third party certificates then you can easily verify them. If both server work on same windows platform then you utilize the default windows CA's.The second option for you is Private Trusted Root Certification Authorities. It is deployed by a private or internal PKI. Like for example your group that shares a same domain secured email deployed by an internal PKI with its own root certificate, then you must make an additional trust configurations.