Symptoms
Users are unable to log on and “Revocation checking: Warning: Retrieving CRL failed” is recorded in the logs when “Require Client Certificates” is enabled.
Cause
The certificate references an HTTP Certificate Revocation List (CRL), but the retrieval mechanism currently requires the Content-Length HTTP header to be correctly set. If the Web server is dynamically generating the revocation list it may not be possible to set this header.
Resolution
The HTTP server publishing the CRL must set the Content-Length header. Usually this header is set for static content (for example, CRL files), but dynamic content must be buffered for this field to be calculated.
Status
This issue has been addressed in Access Gateway Standard Edition version 4.5 or later.
The latest version of the Access Gateway Standard Edition Software can be downloaded from CTX106192 - Access Gateway Software Updates.
