CRL needed

When I receive a signed encrypted in Outlook, I see the following in the view certificate:

The Certificate Revocation List needed to verify the signing certificate is either unavailable or it has expired.

Any idea how I can resolve this?


Maybe your e-mail certificate has expired (they are only good for 1 year) so try going to the site and registering for a new one. If you cannot get a new certificate because the one you have is not expired then e-mail support at and tell them you are having trouble and you need them to de-activate your current certificate, then go re register for a new one. Import it into Outlook and see if it works. Please post your results back on this forum.

Open your certificate and click on the details tab. Look for the value labelled “CRL Distribution Points” and make sure that you can get to the url listed by going to it in Internet Explorer. There are some issues with Outlook doing lookups of the CRL and timing out, so if you can definitely get to the CRL in IE, then that is probably what is happening and you may just want to disable CRL checking in IE (Outlook gets it’s settings from IE). Go to Tools–>Internet Options–>Advanced–>Security and uncheck both options having to do with checking for certificate revocation. Hope that helps.
Comodo Support

The cert is a new one. It has not expired.

I tried putting the CRL url in the cert into IE and I can open the CRL. So it is not problem connecting to the CRL.

Incidentally, I have the same issue with another e-cert signed by another CA. So the problem is not with the certs or the CA. It is more likely certain settings with Outlook or IE on my PC.

Is there anything in the Outlook help file that says anything about using the certificates? Maybe there is something you need to do before Outlook will allow you to use them. I’m not really sure because I don’t use Outlook.