When I attempt to upload a file to my DL server using the dl-wx client, I receive the error: "DL connection error: schannel: next InitializeSecurityContext failed: unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate". If I uncheck the "Verify SSL certificate" box, it all works normally.

When I attempt to set up the Thunderbird addon with my local DL server, when I press the "Setup Account" button I receive the message: "An error occured while setting up the account!" There is no other error displayed. The error console only shows the GET request to the DL server that never completes (response is empty, I'm assuming 'cause the certificate check failed, like with the dl-wx client). It's frustrating that I don't see any other errors in the console. All the sections are activated (Net, CDD, JS, etc.). Am I doing something wrong there?

On every failed connection, I get 2 errors in my event log:
schannel#36876 "The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate."
schannel#36888 "The following fatal alert was generated: 43. The internal error state is 552."

Googling the combination of above errors and DL error messages only gave me results from people who had an improperly implemented certificate chain.

The https://dl.company.com web interface works fine in Firefox and Internet Explorer. I can connect and upload files.
The https://dl.company.com/rest.php gives me a blank page in all browsers.

The DL server certificate is signed by a trusted root. The certificate signer uses the CRL distribution point extension and publishes revocation lists to an HTTP server that is up and running. I assume that since the certificate validates in Internet Explorer that the problem is not with the Windows part of the certificate checking. The plugin and addon never seem to make any connection to the server hosting the CRLs (tried Wireshark and sysutils Process Monitor).

If the issue is in my PKI, I think that Internet Explorer would fail in its connection attempt as well (inetcpl has the "check revocations" option enabled). I'm not sure what other troubleshooting I can do. I can't seem to get any more information on why the client and addon connections are failing.

