Posted inError Fix

Certificate Revocation List Issued by the Certifying Authorities is Expired | Fixed

The error “certificate revocation list issued by the certifying authorities is expired” means that the system or browser cannot verify whether a digital certificate (used to secure websites or apps) is still trustworthy—because the list of revoked certificates (CRL) is out of date or inaccessible.

This often happens when:

  • The certificate authority (CA) didn’t update their CRL on time.

  • Your system can’t access the CRL distribution point (e.g., due to internet, DNS, or firewall issues).

  • Your system clock is incorrect.

  • You’re using outdated software that can’t handle CRLs properly.

🔧 How to Fix It

Here are the most effective ways to resolve this:

✅ 1. Sync Your System Date and Time

An incorrect system clock can cause CRL checks to fail.

  • On Windows:

    • Go to Settings > Time & Language > Date & Time

    • Toggle Set time automatically ON

    • Click Sync now

  • On macOS:

    • Go to System Preferences > Date & Time

    • Check Set date and time automatically

Also read : Network Connection Error Garmin Connect

✅ 2. Clear SSL State and Certificates

Outdated cached certificates can cause this issue.

  • On Windows:

    • Open Internet Options (search from Start)

    • Go to Content > Clear SSL State

    • Also, click Certificates > Intermediate Certification Authorities

      • Remove suspicious or expired entries manually

✅ 3. Update Your OS and Browser

Older versions of browsers or operating systems may have broken certificate validation.

  • Update Windows/macOS

  • Update Chrome, Edge, Firefox, etc.

✅ 4. Disable CRL Checking (Not Recommended for General Users)

For advanced/trusted environments only, you can temporarily disable CRL checking.

On Windows:

  • Press Win + R, type: gpedit.msc → enter

  • Navigate to:

    Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Certificate Path Validation Settings

  • Under the Network Retrieval tab, uncheck “Define these policy settings” to let Windows skip the check.

⚠️ Warning: This reduces security and opens you to man-in-the-middle (MITM) attacks. Only do this in offline/test environments.

✅ 5. Check Firewall or DNS Blocking

Your network might be blocking access to the CRL distribution point.

  • Try using a different Wi-Fi or mobile hotspot.

  • Use DNS servers like 1.1.1.1 or 8.8.8.8.

🛠 Example: How This Happens

Suppose you’re opening a secure website (like a bank). The browser checks the site’s SSL certificate validity. It consults the Certificate Revocation List (CRL) served by the CA. If that list is outdated or unreachable, you’ll see this error.