Print this page

Salesforce for Outlook keeps on giving message: "Security Alert. Revocation information for the security certificate for this site is not available"

Knowledge Article Number 000175953
Description After installing Salesforce for Outlook, everytime you open Outlook you get the following message:

"Security Alert. Revocation information for the security certificate for this site is not available"
Resolution Quick Fix - Disable the Server Certificate check in IE (please use this while investigating the root of the issue on the local machine or local network)

1. From Internet Explorer, click on Tools | Internet Options
2. Click on Advanced tab
3. Scroll down, under "Security" settings
4. Uncheck the box in front of "Check for Server Certificate Revocation"
5. Click on OK


Possible Causes & Alternate Fixes
  • Proxy is caching an old certificate: Clear the cache on the proxy.
  • Bad Proxy Setting: In your browser go to Tools - Internet Options - Connections and click the LAN settings button and confirm proxy setting for you LAN.
  • Proxy is accidentally turned on: Go to Start on your computer and click on Run, Type regedit and click OK, in the registry editor navigate to the registry key "ProxyEnable" under "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" and make sure its value is 0. If not click on the name ProxyEnable and set the value to 0 close the editor.
  • Outlook lack security rights to install certificate: check what user is being used to run Exchange. ("local machine" may not be sufficient) and replace user with an admin user, or at least a user with certificate install rights.
  • Bad Plugin Install: Uninstall and reinstall the plugin.
  • Time Mismatch: Compare local machine and/or BIOS clock with a machine that's working and change to match the working machine. (they need to match Salesforce.com's clock)
  • VPN Interference: Disconnect from VPN and reinstall the Certificate
Back ground on Certificate Revocation process:
Internet Explorer 7 and above, unless otherwise specified in Tools | Internet Options | Advanced as above will check its Certificates against all the relevant Certificate Revocation List endpoints for the Certification Path of object traffic.

Note all these requests originate from Internet Explorer and the Microsoft CryptoAPI, as explained here:
  1.  All possible certificate chains are built using locally cached certificates. If none of the certificate chains ends in a self-signed certificate, CryptoAPI then selects the best possible chain and attempt to retrieve issuer certificates specified in the authority information access extension to complete the chain. This process is repeated until a chain to a self-signed certificate is built.
  2. For each chain that ends in a self-signed certificate in the trusted root store, revocation checking is performed.
  3. Revocation checking is performed from the root CA certificate down to the evaluated certificate.

If a device on the path of a call to validate one of these certificates such as a proxy or web filter blocks the CRL access Internet Explorer may display the error seen for clients that use web access.





promote demote