When installing a new certificate authority certificate, you get the error message "The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614 CRYPT_E_NO_REVOCATION_CHECK)".

Assume the following scenario:

  • You install a new certification authority certificate on the certification authority, either because the certification authority was newly installed or because the certification authority certificate was renewed.
  • During the installation you get the following error message:
Cannot verify certificate chain. Do you wish to ignore the error and continue? The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614 CRYPT_E_NO_REVOCATION_CHECK)

Cause


This warning is generated if the new certification authority certificate does not contain any certificate revocation list distribution points (CDP). These should be entered in the certificate by the higher-level certification authority when signing the certification authority certificate.

If possible, you should therefore cancel the installation and ask the higher-level certification authority to enter the CDP paths. If this is not possible, you can still install the CA certificate, but it cannot then be checked for revocation.

You can also suppress the message altogether by running the following command on the certification authority:

certutil -setreg CA\CRLFlags +CRLF_REVCHECK_IGNORE_NOREVCHECK

However, this is not mandatory, as a warning is only generated once during the installation of the certification authority certificate.
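To find out before installation whether a CA certificate received from the higher-level certification authority carries a CDP extension, the file can be inspected first. The following is an added example, not part of the original article; the function name, parameter name and file name are hypothetical, and the URL extraction assumes the Windows text rendering of the extension, which lists entries as "URL=...".

```powershell
# Added example, not from the original article. Names are hypothetical.
function Test-CaCertificateCdp {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # CA certificate file received from the higher-level CA
    )

    $file = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

    # OID 2.5.29.31 identifies the CRL Distribution Points (CDP) extension.
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }

    $urls = @()
    if ($cdp) {
        # Format($true) returns the multi-line text rendering of the extension.
        # Assumption: distribution points appear in it as "URL=<address>".
        $urls = @([regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
            ForEach-Object { $_.Groups[1].Value })
    }

    [pscustomobject]@{
        Subject = $cert.Subject
        Issuer  = $cert.Issuer
        HasCdp  = [bool]$cdp
        CdpUrls = $urls
    }
}

# Placeholder file name; point this at the certificate you are about to install.
$result = Test-CaCertificateCdp -Path '.\NewCaCertificate.cer'
$result | Format-List

if (-not $result.HasCdp) {
    Write-Warning ('No CDP extension found. Expect the CRYPT_E_NO_REVOCATION_CHECK ' +
        'warning during installation; ask the higher-level CA to reissue with CDP paths.')
}

# On the certification authority itself: show which CRLFlags are currently set,
# for example to confirm whether CRLF_REVCHECK_IGNORE_NOREVCHECK was enabled.
certutil -getreg CA\CRLFlags
```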
