Solutions

Unable to check revocation status

Modified on 2025-06-10 11:18:48 +0200

We need to monitor several SSL certificates. Our internal CA publishes a CRL, accessible from the PRTG server, and is in the trusted root. the SSL certificate sensor is still in the warning state for all internal CAs: Warning by lookup value 'Unable to check revocation status' in channel 'Revoked' (OK. Certificate Common Name:[...])

This is because your internal CA is a not a trusted top-level CA. This sensor will work correctly with self-signed or certs issued by an internal CA. You must use it with a cert you purchase from a certificate authority.

Main reason being that we cannot validate a Root CA within an organization. Our sensor relies on 3rd parties for certificate validation, and signature validation. Unfortunately, we do not have a sensor that can take into account local root CAs at this time. You can request this as a feature request by following the link below.

https://kb.paessler.com/en/topic/79245-how-can-i-propose-new-features-or-sensors-for-prtg

Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.

Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.

Unable to check revocation status

Search

Tags

Related Articles