Why is the MetaDefender ICAP activation failing even if Activation URL is whitelisted?

This article applies to MetaDefender ICAP Server versions 5.0 through 5.9 deployed on Windows.

Issue:

Activation attempts fail despite allowlisting the activation server. Logs indicate CRL lookup failures preventing SSL/TLS verification:

[WARNING] 2025.06.13 13:12:08.182: (common.licensemgr) Call http request failed, url='https://activation.dl.opswat.com/activation?…', error_code='35', error_ detail='schannel: next InitializeSecurityContext failed: CRYPT_E_REVOCATION_OFFLINE (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.' [msgid: 4885] 

Resolution:

There are two options to resolve this issue:

  • Option 1: Allowlist CRL and OCSP URLs
  • Option 2: Upgrade MetaDefender ICAP to Version 5.10

Steps:

Option 1: Allowlist CRL and OCSP URLs

Ensure the following Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) URLs are whitelisted in your network firewall or proxy settings:

  • http://crl.r2m02.amazontrust.com/r2m02.crl
  • http://crl.rootca1.amazontrust.com/rootca1.crl
  • http://ocsp.rootca1.amazontrust.com
  • http://crt.rootca1.amazontrust.com/rootca1.cer

Option 2: Upgrade MetaDefender ICAP to Version 5.10

  1. Download the MetaDefender ICAP 5.10 installer from the OPSWAT Customer Portal.
  2. Run the 5.10 installer and follow the wizard prompts.

If Further Assistance is required, please proceed to log a support case or chatting with our support engineer.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
How to upgrade from ICAP Server 4.0.0 to a newer ICAP Server release?
On This Page
Why is the MetaDefender ICAP activation failing even if Activation URL is whitelisted?Issue:Resolution:Steps: