tl;dr How can I fix "The revocation function was unable to check revocation for the certificate" when using a custom proxy+cert combination? Can I disable this check somehow for the whole system?
I'm on a Windows 11 machine, trying to use a system proxy and also force the use of the proxy for non-standard tools on the system like cURL
or wget
. Currently I can see the proxy being used for normal operations through a web browser and powershell. However, if I try to do something from a cmd
terminal, I can see the proxy being used but the connections fail:
Microsoft Windows [Version 10.0.22621.1992]
(c) Microsoft Corporation. All rights reserved.
C:\Users\me> curl https://my.cool.app.com/servicehealth
curl: (35) schannel: next InitializeSecurityContext failed:
Unknown error (0x80092012) -
The revocation function was unable to check revocation for the certificate.
C:\Users\me>echo %SSL_CERT_FILE%
C:\Users\me\Desktop\Fiddler_Root_Certificate_Authority.pem
C:\Users\me>echo %REQUESTS_CA_BUNDLE%
C:\Users\me\Desktop\Fiddler_Root_Certificate_Authority.pem
C:\Users\me>echo %https_proxy%
10.211.55.2:8866
As you can tell from the output above, I'm trying to route all traffic through a Fiddler proxy on another machine. My test above is just to demonstrate the problem, I know I can pass flags to curl
to disable the revocation check, but I can't do that for all applications on my machine that may use something like curl
in their SDK.
This is a debugging machine (VM) that I control -- I care little about the security implications around getting this working.
curl -k
, or an HTTP URL. (if you can).