Offline root CA, Horizon View and Revocation check issues
It happens that you log on to your environment and the dashboard is red: all certificate-signed servers are red. This happened to me this morning. I returned to a project at a customer and, on logging on to the VMware Horizon View dashboard, all servers were coloured red. Investigating the debug log (you have to copy the file before you can open it) showed that the revocation check failed.
At first I was baffled, as it had been working fine for days already; the only thing we changed was that we added VMware NSX to the backend... how can that be intrusive 😉. It was not of any importance to the issue; the real problem was a configuration fault, very simple but very annoying when you don't expect it. Let me explain.
We run an internal Microsoft CA, with a root CA and an intermediate CA. The root CA is offline for security reasons, so the intermediate is the one doing all the work. Because the root is offline, the revocation check is not possible once it has expired: the root CA handles this, and being offline it is not able to renew.
via Rob Beekmans.net