Certificate Revocation List Issued by the Certifying Authorities is Expired | Fixed

The error “certificate revocation list issued by the certifying authorities is expired” means that the system or browser cannot verify whether a digital certificate (used to secure websites or apps) is still trustworthy—because the list of revoked certificates (CRL) is out of date or inaccessible.

This often happens when:

• The certificate authority (CA) didn’t update their CRL on time.

• Your system can’t access the CRL distribution point (e.g., due to internet, DNS, or firewall issues).

• Your system clock is incorrect.

• You’re using outdated software that can’t handle CRLs properly.

🔧 How to Fix It

Here are the most effective ways to resolve this:

✅ 1. Sync Your System Date and Time

An incorrect system clock can cause CRL checks to fail.

• On Windows:

  • Go to Settings > Time & Language > Date & Time

  • Toggle Set time automatically ON

  • Click Sync now

• On macOS:

  • Go to System Preferences > Date & Time

  • Check Set date and time automatically

Also read : Network Connection Error Garmin Connect

✅ 2. Clear SSL State and Certificates

Outdated cached certificates can cause this issue.

• On Windows:

  • Open Internet Options (search from Start)

  • Go to Content > Clear SSL State

  • Also, click Certificates > Intermediate Certification Authorities

    • Remove suspicious or expired entries manually

✅ 3. Update Your OS and Browser

Older versions of browsers or operating systems may have broken certificate validation.

• Update Windows/macOS

• Update Chrome, Edge, Firefox, etc.

✅ 4. Disable CRL Checking (Not Recommended for General Users)

For advanced/trusted environments only, you can temporarily disable CRL checking.

On Windows:

• Press Win + R, type: gpedit.msc → enter

• Navigate to:

  Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Certificate Path Validation Settings


• Under the Network Retrieval tab, uncheck “Define these policy settings” to let Windows skip the check.

⚠️ Warning: This reduces security and opens you to man-in-the-middle (MITM) attacks. Only do this in offline/test environments.

✅ 5. Check Firewall or DNS Blocking

Your network might be blocking access to the CRL distribution point.

• Try using a different Wi-Fi or mobile hotspot.

• Use DNS servers like 1.1.1.1 or 8.8.8.8.

🛠 Example: How This Happens

Suppose you’re opening a secure website (like a bank). The browser checks the site’s SSL certificate validity. It consults the Certificate Revocation List (CRL) served by the CA. If that list is outdated or unreachable, you’ll see this error.