SAP Knowledge Base Article - Preview

2249287 - IPH3017 and IPH6034 errors on a system with offline CA


  • Error: IPH3017: Mdm signing error msPkcs7Io.verifyDetachedSignature.x509: CryptographicException SignedCms.CheckSignature:The revocation function was unable to check revocation because the revocation server was offline.
  • Error: IPH6034: Token Checkin MDM Message Signing Validation Failure. UDID: <UDID>
  • "Profile Installation Failed" on device when trying to enroll
  • "certutil -f -urlfetch -verify <device certificate>.cer" output from the Afaria server includes: 
     ----------------  Certificate CDP  ----------------
     Expired "Base CRL (0a)" Time: 0
       [0.0] http://<intermediate CA>/CertEnroll/<root CA>.crl
  • Double-clicking on C:\Windows\System32\CertSrv\CertEnroll\<root CA>.crl on the intermediate CA shows a Next Update value in the past




  • Afaria 7.0 Service Pack 5 (SP5) or later
  • iOS devices
  • Offline root Certification Authority (CA)


SAP Afaria 7.0


CA, certificate authority, crl , KBA , MOB-AFA , Afaria , MOB-SEC , Mobile Secure Portfolio (Cloud) incl Afaria Cloud Edition , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.