Why is the MetaDefender ICAP activation failing even if Activation URL is whitelisted?

Issue:

Activation attempts fail despite allowlisting the activation server. Logs indicate CRL lookup failures preventing SSL/TLS verification:

[WARNING] 2025.06.13 13:12:08.182: (common.licensemgr) Call http request failed, url='https://activation.dl.opswat.com/activation?…', error_code='35', error_ detail='schannel: next InitializeSecurityContext failed: CRYPT_E_REVOCATION_OFFLINE (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.' [msgid: 4885] 

Resolution:

There are two options to resolve this issue:

  • Option 1: Allowlist CRL and OCSP URLs
  • Option 2: Upgrade MetaDefender ICAP to Version 5.10

Steps:

Option 1: Allowlist CRL and OCSP URLs

Ensure the following Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) URLs are whitelisted in your network firewall or proxy settings:

  • http://crl.r2m02.amazontrust.com/r2m02.crl
  • http://crl.rootca1.amazontrust.com/rootca1.crl
  • http://ocsp.rootca1.amazontrust.com
  • http://crt.rootca1.amazontrust.com/rootca1.cer

Option 2: Upgrade MetaDefender ICAP to Version 5.10

  1. Download the MetaDefender ICAP 5.10 installer from the OPSWAT Customer Portal.
  2. Run the 5.10 installer and follow the wizard prompts.
VariableType to search · ESC to discard
GlossaryType to search · ESC to discard
InsertType to search · ESC to discard
No matches
Next to read:
Why are there many "No content to scan" records in ICAP history?
null
On This Page