curl: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate

Question

C:\Users\casta>curl https://c5.ppy.sh
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

I've made my own CA, and I made a certificate from this CA.

The problem is, when I tried to access website with this certificate, It works fine!

but If I tried with curl or C# applications, It returns error.

C# error is here:

2019-02-28T09:20:33: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel
2019-02-28T09:20:33: 위치: #=zGFbxUFU_LnBci6wJmmCy1$E=.#=z0YcFrd6MZP1A()
2019-02-28T09:20:33: 위치: #=zuFHGCPNOLQmjQEcRmqQHLnQ=.#=z3NGNjJ0=()

I got this issue while using PowerShell on a network with a self-signed certificate. Unsure how to tell PowerShell that the cert is fine, though. — jeffsdata, Dec 09 '21 at 16:12

score 143 · Accepted Answer · edited Aug 28 '23 at 12:46

143

I've been using curl through a mitm proxy for pen-testing and getting the same issue.

I finally figured that curl needs a parameter telling it not to check certificate revocation, so the command looks something like this:

curl "https://www.example.com" --ssl-no-revoke -x 127.0.0.1:8081

The -x parameter passes the proxy details - you may not need this.

edited Aug 28 '23 at 12:46

General Grievance

4,555
31
31
45

answered Jun 07 '19 at 00:31

riemannzz

1,731
1
13
8

3

Terrible solution though, because anyone can MITM you so theres very little point in using https. – dagelf Apr 13 '23 at 11:29

score 7 · Answer 2 · answered Mar 18 '20 at 11:08

7

You can use the --ssl flag and omit the https like this

curl --ssl c5.ppy.sh

answered Mar 18 '20 at 11:08

Max

6,821
3
43
59

1

How does `--ssl` flag helps here? Just curious. – Surya Mar 15 '21 at 10:12
2

It tries with ssl and if fails revert to non-secure [docs](https://curl.se/docs/manpage.html#--ssl). If you specify https you force curl to use ONLY the SSL. – Max Mar 15 '21 at 10:23

score 5 · Answer 3 · answered Jul 04 '23 at 10:38

5

Don't panic... Please check your anti virus and turn off. It happened because your connection is blocked.

answered Jul 04 '23 at 10:38

Kang Tri

51
1
1

This is different with blocked. Your antivirus may do MITM virus check and that's why. – LPOPYui Jul 05 '23 at 05:06

LPOPYui · Answer 4 · 2021-09-13T06:09:59.617

-1

You need to create a CRL list, and publish it to webserver.

edited Sep 13 '21 at 06:09

answered Feb 23 '20 at 14:05

LPOPYui

799
1
9
17

curl: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate

4 Answers4

Linked