The Connection Server instance or security server that has the smart card connected cannot perform certificate revocation checking on the server's TLS certificate unless you have configured smart card certificate revocation checking.
Problem
Certificate revocation checking might fail if your organization uses a proxy server for Internet access, or if a Connection Server instance or security server cannot reach the servers that provide revocation checking because of firewalls or other controls.
Cause
Horizon 7 supports certificate revocation checking with certificate revocation lists (CRLs) and with the Online Certificate Status Protocol (OCSP). A CRL is a list of revoked certificates published by the CA (Certificate Authority) that issued the certificates. OCSP is a certificate validation protocol that is used to get the revocation status of an X.509 certificate. The CA must be accessible from the Connection Server or security server host. This issue can only occur if you configured revocation checking of smart card certificates. See Using Smart Card Certificate Revocation Checking.