When you import a certificate from a certificate authority . It checks the revocation status of an SSL Certificate, the client connects to the URLs and downloads the CA’s CRLs. Then, the client searches through the CRL for the serial number of the certificate to make sure that it hasn’t been revoked.
but when exchange servers has internet. It will not have any issues. But when its behind the proxy. it may not have issues if your proxy is configured through .use automatic detect settings.
As it uses the system account – System account has its own proxy settings – Lets see how to access the systems account proxy settings.
Revocation Check failure
To check your CRL urls – Use internet explorer – Security lock – view certificates
Download Sysinternals to check the system proxy settings
Get PsExec.exe into a folder. browse to command prompt.
PsExec.exe –i –d –s cmd
run whoami make sure you are in system account proxy settings
inetcpl.cpl to access system proxy settings
Entered my proxy settings. Click ok.
Reboot the server.
Certificate is valid now.