The online responder (OCSP) reports "The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE".

Assume the following scenario:

• An online responder (OCSP) is configured on the network.
• OCSP is enabled for a certificate authority and a revocation configuration is set up.
• The management console for the online responder displays the following status for the revocation configuration:

Type: Microsoft CRL-based revocation status provider.
The revocation provider failed with the current configuration. The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE), 0x80092013

The Online Responder (Online Certificate Status Protocol, OCSP) is an alternative way of providing revocation status information for certificates. Entities that want to check the revocation status of a certificate do not have to download the complete list of all revoked certificates thanks to OCSP, but can make a specific request for the certificate in question to the online responder. For a more detailed description, see the article "Basics Online Responder (Online Certificate Status Protocol, OCSP)„.

In the event log, the event no. 17 of the source Microsoft-Windows-OnlineResponderRevocationProvider is logged.

Cause

Occurs when the blacklist server is unreachable over the network, for example because the server is offline, or because the online responder cannot reach it due to a missing firewall rule.

Related links:

• Required firewall rules for the online responder (OCSP)