When you enable certificate revocation status checks, Salesforce prevents logins with
certificates that are revoked or can’t be validated. To see why a certificate login failed, check
your org’s Login History page. Review these login errors.
Required Editions
Available in: both Salesforce Classic and
Lightning Experience in All editions
Certificate revoked or invalid
Either the certificate doesn’t contain any Online Certificate Status Protocol (OCSP) or
Certificate Revocation List (CRL) endpoints, or it’s revoked. If you verified that the
certificate has valid endpoints and isn’t revoked, sometimes you must provision intermediate
certificates from the certificate authority (CA) through Salesforce. Contact Salesforce Support
to learn more.
Certificate check failed
The certificate’s OCSP or CRL endpoints refer to a CA that isn’t reachable. If the CA’s server
is offline, you can disable revocation status checks until the issue is resolved.
We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required Cookies
Always Active
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional Cookies
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising Cookies
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.
