
Overview

To ensure your Domain Controller (DC) can communicate with TruU’s Certificate Revocation List (CRL) endpoints, verify that outbound internet connectivity from the DC is not blocked by a firewall or proxy. There are two ways to verify that CRL files can be downloaded from a Domain Controller.

Verify Using a Browser

Log in to the Domain Controller and open a browser, then navigate to the following URL:
https://saas.cloudtrust.truu.ai/crl/7c7f660a-8d2e-40ac-9d78-b6f9f464b419.crl
If the .crl file downloads successfully, outbound connectivity to the TruU CRL endpoint is working correctly.
You can also navigate to https://saas.cloudtrust.truu.ai/crl — you will see an Access Denied error, which is expected and confirms DNS resolution and basic connectivity are working.

Verify Using a Command

The second option runs certutil, which opens the URL Retrieval Tool and tests retrieval of the CRL files (the root CA CRL and the issuing CA CRL) downloaded from the TruU portal.
You must have the end-user certificate and the issuing CA certificate available on the local drive before running these commands.
  1. Run the following command:
       certutil -URL <certificate.crt>
    
  2. In the pop-up, select CRLs (from CDP).
  3. Click Retrieve. The tool checks the CDP URL embedded in the certificate and returns a status of Verified or Failed. Run this command once per certificate.

Failed Retrieval

A failed retrieval is most likely due to network settings — a firewall or proxy causing the request to time out or failing to resolve the domain name. For detailed troubleshooting output, run one of the following commands:

Output displayed in the console:
certutil -f -urlfetch -verify truucert.cer

Output saved to a file:
certutil -f -urlfetch -verify truucert.cer > C:\temp\troubleshooting.txt
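To narrow a failed retrieval down to name resolution, the firewall, or the HTTP request itself, the following PowerShell script reads the CRL URLs from a certificate's CDP extension and tests each stage separately. It is an added example, not TruU tooling; the `$CertPath` parameter and the result field names are illustrative, and it assumes Windows renders each CDP entry as `URL=<uri>`.

```powershell
# Added example (not TruU tooling): test each HTTP(S) CRL URL in a certificate's
# CDP extension in three independent stages: DNS, TCP, then the actual download.
param(
    [Parameter(Mandatory)] [string] $CertPath   # end-user or issuing CA certificate
)

# Windows PowerShell 5.1 on older servers may not offer TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path $CertPath).Path)

# OID 2.5.29.31 is the CRL Distribution Points (CDP) extension.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) { throw "No CDP extension found in $CertPath" }

# Assumption: Windows renders each distribution point as "URL=<uri>".
$urls = [regex]::Matches($cdp.Format($true), 'URL=(https?://\S+)') |
    ForEach-Object { $_.Groups[1].Value }
if (-not $urls) { throw "No HTTP(S) CRL URL found in the CDP extension" }

foreach ($url in $urls) {
    $uri = [uri]$url
    $r = [ordered]@{ Url = $url; Dns = $false; Tcp = $false; Status = $null; Bytes = 0 }

    # Stage 1: can this host resolve the CRL endpoint's name?
    $r.Dns = [bool](Resolve-DnsName -Name $uri.Host -ErrorAction SilentlyContinue)

    # Stage 2: direct TCP connection; this does not go through a configured proxy.
    $r.Tcp = (Test-NetConnection $uri.Host -Port $uri.Port -WarningAction SilentlyContinue).TcpTestSucceeded

    # Stage 3: the download itself, which is what CRL checking ultimately needs.
    try {
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop
        $r.Status = $resp.StatusCode
        $r.Bytes  = $resp.RawContentLength
    } catch {
        $r.Status = $_.Exception.Message   # timeout, name resolution failure, 403, ...
    }
    [pscustomobject]$r
}
```

Run it once per certificate, as with certutil -URL. Dns or Tcp can be False while Status is 200 when traffic leaves through a proxy, because only the download stage uses the proxy.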