h1 Testing for Cert Discovery


Braeden Rai

Jan 16, 2025, 12:49:53 PM
to Edge Test Tool (ETT)
Hello,

For H1 testing, we were trying to send a message but we are not able to validate the cert for d...@domain1.dcdt31.healthit.gov. We looked up that domain in the MaxMD Direct cert site and saw this:

image

When we try to reach the CRL endpoint for the cert, it is not available, which causes us to not send the message. Would you be able to resolve this CRL?

http://pki.dcdt31.healthit.gov:10080/dcdt31.healthit.gov_ca_root.crl


Thanks,

Braeden

Braeden Rai

Jan 16, 2025, 1:50:39 PM
to Edge Test Tool (ETT)
FAILED: Failed to check CRL: Invalid CRL Response. Text:

Realized the image failed to paste, this is the error on the site.

Kim Poletti

Jan 21, 2025, 11:35:37 AM
to Edge Test Tool (ETT)
Hi - Thanks for reaching out. This has been logged for review and a member of the team will reach out in the near future.

Kelsey Harper

Mar 7, 2025, 2:22:48 PM
to Edge Test Tool (ETT)
I observed this too. Are there any updates? 

Kelsey Harper

Mar 19, 2025, 3:04:04 PM
to Edge Test Tool (ETT)
Hi Kim, any updates here? Thank you!

Braeden Rai

Mar 25, 2025, 11:23:48 AM
to Edge Test Tool (ETT)
Hi, are there any updates on this issue?

Kim Poletti

Mar 25, 2025, 11:44:48 AM
to Edge Test Tool (ETT)
Hello,

This is a high priority issue the team is working to resolve. We will keep you updated once it is fixed.

Thank you,
Kim

James Spillman

Apr 2, 2025, 8:49:42 AM
to Edge Test Tool (ETT)
DNS domain and address bound certificates have been updated. Can you try the D1 test again? If you haven't already done so you'll need to reinstall the DCDT trust anchor.

Braeden Rai

Apr 10, 2025, 4:38:32 PM
to Edge Test Tool (ETT)
We installed the DCDT trust anchor, but the D1 case is still failing for us. This fixed our issues with the D2, D3, and D4 cases though.

Arslan Iqbal

Apr 10, 2025, 6:09:00 PM
to Edge Test Tool (ETT)
SITE/ETT team's internal reference is SITE-4500

James Spillman

Apr 18, 2025, 9:55:15 AM
to Edge Test Tool (ETT)
Is this still an issue?

Braeden Rai

Apr 18, 2025, 10:00:07 AM
to Edge Test Tool (ETT)
Yes, we ran all the email cases again this morning and D1 is still the only one that is failing, still with the "Unable to decrypt mail MIME message" error.

James Spillman

May 1, 2025, 1:28:32 PM
to Edge Test Tool (ETT)
The D1 test involves several certs, of which only 1 is valid. Can you check that your system is going through all the available certs for the address and using the valid one?

https://site.healthit.gov/direct/dcdt
Under "Discover DCDT's Certificates" select the D1 test case, and it will list all the discoverable certs. After evaluating all the available certs, your system should use the D1_valA cert.

There are 2 ways that the DCDT tests are currently misconfigured, but neither should impact your ability to complete this test:
1. The certs should be listed in the UI as "*.dcdt31.healthit.gov" rather than "*.dcdt30.healthit.gov". The actual certs have the correct domain.
2. At least one of the invalid certs is missing from the "x.dcdt31.healthit.gov" domains.

Let us know if you're still having trouble after checking this.

-James
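
The selection step described in the message above (evaluate every discovered certificate instead of stopping at the first one), as an added example that is not part of the thread or of the ETT/DCDT code. The candidate records, the address and the policy of rejecting a certificate whose revocation status is unknown are assumptions; only the label D1_valA comes from the thread.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class Candidate:
    label: str
    subject: str                 # address or domain the cert is bound to
    not_before: datetime
    not_after: datetime
    chains_to_anchor: bool       # outcome of path building to an installed trust anchor
    revoked: Optional[bool]      # None: CRL could not be fetched or parsed

def rejection_reason(c, address, now):
    """Return why a candidate is unusable, or None if it passes every check."""
    domain = address.rsplit("@", 1)[1]
    if c.subject.lower() not in (address.lower(), domain.lower()):
        return "not bound to address or domain"
    if not c.not_before <= now <= c.not_after:
        return "outside validity period"
    if not c.chains_to_anchor:
        return "no path to trust anchor"
    if c.revoked is None:        # assumed policy: unknown status rejects this cert only
        return "revocation status unknown"
    return "revoked" if c.revoked else None

def select_certificate(candidates, address, now):
    """Check every candidate; return (first usable one or None, {label: reason})."""
    chosen, rejected = None, {}
    for c in candidates:
        reason = rejection_reason(c, address, now)
        if reason:
            rejected[c.label] = reason   # keep going, a bad cert must not end the search
        elif chosen is None:
            chosen = c
    return chosen, rejected

# Constructed sample data; only the label D1_valA comes from the thread.
ADDRESS = "recipient@direct.example.test"
NOW = datetime(2025, 5, 1, tzinfo=timezone.utc)
def jan1(year): return datetime(year, 1, 1, tzinfo=timezone.utc)
CANDIDATES = [
    Candidate("sample_expired", ADDRESS, jan1(2020), jan1(2021), True, False),
    Candidate("sample_untrusted", ADDRESS, jan1(2024), jan1(2027), False, False),
    Candidate("sample_crl_unreachable", "direct.example.test", jan1(2024), jan1(2027), True, None),
    Candidate("D1_valA", ADDRESS, jan1(2024), jan1(2027), True, False),
]

if __name__ == "__main__":
    print(select_certificate(CANDIDATES, ADDRESS, NOW))
```

Logging the rejection reason per certificate makes it possible to tell a discovery problem (the valid cert was never retrieved) from a validation problem (it was retrieved and wrongly rejected).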

James Spillman

May 8, 2025, 9:59:56 AM
to Edge Test Tool (ETT)
Locking this conversation. If this is still an issue please start a new conversation.