Thursday, 8 January 2015

Active Directory Certificate Services (AD CS): The Revocation Function was Unable to Check Revocation Because the Server was Offline 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)

You are configuring an Active Directory Certificate Services (AD CS) infrastructure and have reached the point where you import the certificate that the Root CA issued in response to your Issuing CA's certificate request. When you try to install it via All Tasks > Install CA Certificate in the Certification Authority MMC, you receive the following error: "The Revocation Function was Unable to Check Revocation Because the Server was Offline 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)."

This happened because, when I configured the CDP and AIA information on the Root CA, I added HTTP locations that are hosted on the Issuing CA's web server.
Looking at the certificate I am trying to import, two CRL Distribution Points are listed. The first cannot be reached because the offline Root CA currently has no network connectivity, and even if it could, the Root CA will be taken offline again once the initial configuration of the AD CS infrastructure is complete. The second is an HTTP URL pointing at the Issuing CA, and that is the one the revocation check must be able to fetch.

The problem here was that I had forgotten to copy the CRL file generated on the Root CA into the IIS web server folder on the Issuing CA.

Once I copied the CRL file into the web server folder that the CRL Distribution Point URL maps to, I tried starting the AD CS service again.
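The following PowerShell is an added example, not from the original post, that automates the diagnosis and the fix described above: it reads the CDP URLs out of the subordinate CA certificate, probes the HTTP location, copies the Root CA CRL into the IIS folder under the exact file name the URL expects, and then runs the same CryptoAPI revocation check the MMC performs. The paths in $SubCaCert, $RootCrlSrc and $IisCdpPath are assumptions; adjust them to your environment.

```powershell
# Added example (not part of the original post). Assumed file and folder names:
$SubCaCert  = 'C:\CAConfig\IssuingCA.cer'       # cert the Root CA issued for the Issuing CA
$RootCrlSrc = 'C:\CAConfig\RootCA.crl'          # CRL exported from the offline Root CA
$IisCdpPath = 'C:\inetpub\wwwroot\CertEnroll'   # folder the http:// CDP URL maps to in IIS

# 1. List the CRL Distribution Points embedded in the certificate (extension OID 2.5.29.31).
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $SubCaCert
$cdpExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdpExt) { throw "No CRL Distribution Points extension found in $SubCaCert" }
# Format($true) renders the extension as text with one "URL=..." entry per location.
$cdpUrls = [regex]::Matches($cdpExt.Format($true), 'URL=(\S+)') | ForEach-Object { $_.Groups[1].Value }
$cdpUrls | ForEach-Object { Write-Host "CDP: $_" }

# 2. Probe each HTTP location. An ldap:// or file:// entry that points at the offline
#    Root CA is expected to fail; the http:// one hosted on the Issuing CA must succeed.
$httpCdps = $cdpUrls | Where-Object { $_ -like 'http*' }
foreach ($url in $httpCdps) {
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
        Write-Host ("OK   {0} ({1} bytes)" -f $url, $r.RawContentLength)
    } catch {
        Write-Warning "FAIL $url : $($_.Exception.Message)"
    }
}

# 3. Copy the Root CA CRL into the IIS folder under the file name used in the URL.
#    If the name differs from what the CDP URL references, the fetch still 404s.
$crlName = [System.IO.Path]::GetFileName(([uri]($httpCdps | Select-Object -First 1)).AbsolutePath)
Copy-Item -Path $RootCrlSrc -Destination (Join-Path $IisCdpPath $crlName) -Force

# 4. Confirm the published CRL is current, flush CryptoAPI's cached "offline" result,
#    and repeat the revocation check that the Certification Authority MMC performs on
#    import. certutil prints each CDP/AIA URL with "Verified" or the failing error code.
certutil -dump (Join-Path $IisCdpPath $crlName) | Select-String 'Issuer|Next Update'
certutil -urlcache crl delete
certutil -verify -urlfetch $SubCaCert
```

Run this on the Issuing CA, where the import fails. Two caveats a practitioner should check if step 4 still reports CRYPT_E_REVOCATION_OFFLINE: the CRL's Next Update must not already be in the past (otherwise republish a fresh one from the Root CA with certutil -CRL and copy it again), and IIS must be serving the file as a static file with the .crl MIME type; if your CDP URL includes a delta CRL name containing a "+", IIS additionally needs allowDoubleEscaping enabled in requestFiltering for that path.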