Have you checked that there is no network issue in connecting to CRL or OCSP server from the system on which revocation check is being done?
You can check server logs for more information.
Thanks for your response. I hope the issue with OCSP responder is with the transport of URL through Proxy and is now asked to be enabled. I get a 500: Transport error in the Logs for TrustAssured keys.
However, for 3Skey, the Revocation happens in a different manner. I read through the API's of SWIFT 3Skey stating that the revocation happens for 3Skey using two ways;
1. Using Partitioned CRL's
2. Using Combined CRL's.
I have also configured the SSL certificate on my IHS for 3Skey SSL handshake.
For an ALC specific solution, we are going with Combined CRL's for 3Skey and dont know what configuration change I need to be making to do a successful revocation check on these type of CA's. How do I call the Combined CRL from ALC? Any specific change that I need to make in the request parameters for hitting the SignatureService?
<ser:CRLOptionSpec><ser:LDAPServer /><ser:alwaysConsultLocalURL>false</ser:alwaysConsultLocalURL><ser:goOnline>true</ser:goOnline><ser:ignoreValidityDates>false</ser:ignoreValidityDates><ser:localURI /><ser:requireAKI>true</ser:requireAKI><ser:revocationCheckStyle>AlwaysCheck</ser:revocationCheckStyle>