Failed to execute Sign action
The error "Failed to retrieve CRL information" happens when both OCSP (Online Certificate Status Protocol) and CRL (Certificate Revocation List) validations over the certificate used for signing fail, and hence, it is not possible to check the validity of the signature.
Common causes for this behavior are:
-
The certificate does not have neither CRL nor OCSP urls.
-
The certificate has CRL or OCSP urls, but these are either invalid or did not provide any response.
-
The certificate has CRL or OCSP urls, but the connection could not be established (check firewall and proxy rules)
Common ways to resolve:
-
Use a signing certificate containing valid CRL and OCSP information.
If this issue is occurring on signature methods the use the internal eSign certificate (ex: HANDWRITTEN, OTP, CLICK2SIGN), check if the configured internal certificate has OCSP or CRL information (see Installing a Signing Certificate). -
Skip the validation by using the signing.revocation.skip property.v+ You are able to select which signing methods that skip the certificate revocation step while signing a document. Use the "ALL" value to skip validations all signing methods.
signing.revocation.skip example"properties":{ "signing.revocation.skip": "ALL" }
The signing.revocation.skip method skips all revocation based on OCSP/CRL providers. This should not be used in a production environment.