When we use HTTPS (SSL) to access the Web site, the browser downloads its certificate from the server and downloads the CRL (the certificate revoant list) based on the site specified by the certificate "CRL distribution point", check if the current certificate is in the list Inside. The CRL contains the date with "next update". Before this date arrives, Windows (?) Will use the CRL that has been cached directly, otherwise the CRL will be downloaded again. I don't know why, when the CRL cannot be downloaded normally, when we visited the HTTPS site, it will not check the revocation of the server certificate. At this point, click "View Certificate", switch to "Details" Tab, find it "CRL distribution Point "URL, copy, download it with Netants, Net Transports or find a machine that can normally access the URL to download the file and copy it. Click the right mouse button to select "Install", follow the wizard to complete the installation. At this time, you will not receive the "Can't check the revocation information of the server certificate" again. Of course, when more than the "next update" date, you need to pay again. As for why CRL can't be downloaded normally, I have to study it.
Continued: The CRL download of the certificate is not because it is too big, and the Class 3International Server CRL of Verisign has 600-700K.
