The "weakest link" (well, one of the weakest links) in a Public Key System is the initial registration process. It is important to remember that the basic model in a public key system is to trust anyone with a certificate. You need to actively "key out" bad guys with CRL (certificate revocation lists) or CKLs (compromised key lists). Thus, instead of an ongoing key distribution problem, you have an ongoing CRL/CKL distribution problem.. making sure everyone has an updated list of no-longer-good guys.
So, because a Registration Authority is the main way to create new, valid users, it is an obvious target for attack. Also, for public key systems, the real question is "what is a valid user? ... that is what an RA answers. An RA could be online if it can somehow ensure the integrity of the data/registration validation provided to it - but this is the question that the RA is usually answering.
A non-standard PKI architecture could certainly have an online RA, but the typical model where trust is established through the registration process doesn't work.
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Certificates