We are using Hyper-V replication on Windows Server 2012+ outside Active Directory, so we are using SSL certificates issued by our own internal CA.
When setting up replication, I made sure that both the source host and the replica server had access to the CA server.
However, in normal operation, due to our network topology, the Hyper-V hosts have no access to the CA server.
This seems to work fine, but I'm wondering whether the Hyper-V hosts will ever need to access the CA server again to check for revoked certificates.
Yes, they do - but failure to access the CA will just mean no updated revocation list. I.e. certificates will still be accepted.
Still, you obviously have a not really good (as in: total crap) network architecture, and the Hyper-V hosts should be able to access the CA.
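
One way to check, on a Hyper-V host, which CRL URLs the replication certificate points to and what the Windows chain engine reports when asked to do a revocation check for it. This is an added PowerShell example, not part of the original question or answer; the thumbprint is a placeholder and the certificate is assumed to be in the `LocalMachine\My` store.

```powershell
# ASSUMPTION: placeholder value; replace with the thumbprint of the replication certificate.
$Thumbprint = '<REPLICATION-CERT-THUMBPRINT>'

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    throw "No certificate with thumbprint $Thumbprint found in LocalMachine\My"
}

# 2.5.29.31 is the CRL Distribution Points extension; Format($true) prints its URLs.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) {
    'CRL distribution points:'
    $cdp.Format($true)
} else {
    'Certificate has no CRL Distribution Points extension.'
}

# Build the chain with revocation checking enabled for everything except the root.
$x509 = 'System.Security.Cryptography.X509Certificates'
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = [Enum]::Parse(
    [Type]"$x509.X509RevocationMode", 'Online')
$chain.ChainPolicy.RevocationFlag = [Enum]::Parse(
    [Type]"$x509.X509RevocationFlag", 'ExcludeRoot')
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

$ok = $chain.Build($cert)
"Chain builds without errors when revocation is checked: $ok"

# List every status flag per chain element so revocation problems are visible.
foreach ($element in $chain.ChainElements) {
    foreach ($status in $element.ChainElementStatus) {
        '{0}: {1} ({2})' -f $element.Certificate.Subject,
            $status.Status, $status.StatusInformation.Trim()
    }
}
```

A status of `RevocationStatusUnknown` or `OfflineRevocation` on an element means the revocation list for that certificate could not be obtained from this host.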