Fixing SSL issue ERR_CERT_REVOKED

Rahul Metangale
3 min read · Feb 6, 2019

Recently I was working on setting up ADFS. I set up the certificate and everything worked from the ADFS machine, but when I tried accessing the ADFS test login page from another machine I received the error “Your connection is not private, NET: ERR_CERT_REVOKED”.

I exported the token signing certificate from ADFS and ran the following command from PowerShell to test the certificate:

certutil -f -urlfetch -verify mycertificatefile.cer > mycertificate_log.txt

In the log file (at the end of the file) I saw the following error:

Certificate is REVOKED

Cert is an End Entity certificate

Leaf certificate is REVOKED (Reason=5)

CertUtil: -verify command completed successfully.

When I opened the certificate on my machine and compared its certificate path with the certificate path on the ADFS machine, I saw the following:

Certificate path on ADFS Machine

Certificate path in above image has two chain certificates

Actual Certificate -> Go Daddy Secure Certificate Authority -G2 -> Go Daddy Secure Certificate Authority -G2 -> Go Daddy Class 2 Certificate Authority

Certificate path on my machine

Certificate path in above image has one chain certificate

Actual Certificate -> Go Daddy Secure Certificate Authority -G2 -> Go Daddy Secure Certificate Authority -G2

When the computer finds multiple trusted certification paths during the certificate validation process, Microsoft CryptoAPI selects the best certification path by calculating the score of each chain. A score is calculated based on the quality and quantity of the information that a certificate path can provide. If the scores for the multiple certification paths are the same, the shortest chain is selected.

When Certification path 1 and Certification path 2 have the same quality score, CryptoAPI selects the shorter path (Certification path 1) and sends the path to the client. However, the client computer can verify the certificate only by using the longer certification path that links to Root CA certificate (2). Therefore, the certificate validation fails.

In my case also, the same SSL certificate had multiple trusted certificate paths; on a different machine I was getting the error “ERR_CERT_REVOKED”.

To fix the issue, delete or disable the certificate from the certification path that you do not want to use.

To do this, follow these steps:

  1. Log on to the web server as a system administrator.
  2. Add the Certificate snap-in to Microsoft Management Console. To do this, follow these steps:
     • Click Start, click Run, type mmc, and then press Enter.
     • On the File menu, click Add/Remove Snap-in.
     • Select Certificates, click Add, select Computer account, and then click Next.
     • Select Local computer (the computer this console is running on), and then click Finish.
     • Click OK.
  3. Expand Certificates (Local Computer) in the management console, and then locate the certificate on the certificate path that you do not want to use. In my case I selected “Go Daddy Class 2 Certificate Authority”.

     Note: If the certificate is a root CA certificate, it is contained in Trusted Root Certification Authorities. If the certificate is an intermediate CA certificate, it is contained in Intermediate Certification Authorities.
  4. Delete or disable the certificate by using one of the following methods:
     • To delete a certificate, right-click the certificate, and then click Delete.
     • To disable a certificate, right-click the certificate, click Properties, select Disable all purposes for this certificate, and then click OK.
  5. Restart the server if the issue is still occurring.
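The certificate path comparison and the lookup in step 3 can also be done from PowerShell. The script below is an added example, not part of the original post: it prints the chain the local machine builds for the exported certificate and lists every certificate in the Trusted Root and Intermediate stores that shares a subject with a chain element. It is read-only and assumes the file name mycertificatefile.cer from the certutil command above.

```powershell
# Added example (read-only): show the chain this machine builds for a certificate,
# plus every CA certificate in the machine stores that shares a subject with a
# chain element. Extra rows for one subject mean more than one candidate path.
# Assumption: the exported certificate uses the file name from the post.
$full = (Resolve-Path '.\mycertificatefile.cer').Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

# Build the chain with online revocation checking for every element
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$ok = $chain.Build($cert)
Write-Host "Chain built on ${env:COMPUTERNAME}: valid = $ok"

# Root = Trusted Root Certification Authorities, CA = Intermediate Certification Authorities
$storeCerts = foreach ($name in 'Root', 'CA') {
    Get-ChildItem "Cert:\LocalMachine\$name" |
        Select-Object @{ n = 'Store'; e = { $name } }, Subject, Issuer, Thumbprint
}

for ($i = 0; $i -lt $chain.ChainElements.Count; $i++) {
    $element = $chain.ChainElements[$i]
    $c = $element.Certificate

    # One chain element: position, names, thumbprint and any status flags (for example Revoked)
    [pscustomobject]@{
        Depth      = $i
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        Thumbprint = $c.Thumbprint
        Status     = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
    } | Format-List | Out-Host

    # Store entries with the same subject; differing issuers or thumbprints are alternate paths
    $storeCerts | Where-Object { $_.Subject -eq $c.Subject } |
        Format-Table -AutoSize | Out-Host
}
```

Run it on both the ADFS machine and the client and compare the Depth, Issuer and Thumbprint values to see where the two paths diverge.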

I hope you find this helpful. Thanks for reading!
