Assume the following scenario:
- A certification authority is implemented in the network.
- The certification authority service does not start.
- When trying to start the Certification Authority service, you get the following error message:
The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED)
A corresponding Event with no. 100 can also be found in the event display of the certification authority:
Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. ADCS Labor Issuing CA 3 The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED).
Cause
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
This error occurs only with the currently used certificate authority certificate. The certification authority always uses the last of the installed certificates for issuing certificates. This error should not occur with the previous certification authority certificates.
The certification authority certificate has been revoked by the parent certification authority and may therefore no longer be used. Accordingly, the certification authority refuses to start the service.
Solution: Apply for a new certification authority certificate
The correct solution to this problem is to request and install a new certificate authority certificate as soon as possible. The certificate request required for this can also be generated when the certificate authority service is stopped. There is no workaround for this problem.
Related links:
- The certification authority service does not start and throws the error message "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT)"
- The certification authority service does not start and throws the error message "A certificate chain could not be built to a trusted root authority. 0x800b010a (-2146762486 CERT_E_CHAINING)".
- The certificate authority service does not start and throws the error message "0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)".
- What impact does a non-functioning revocation list of a certification authority certificate have on the certification authority?
- What impact does the revocation of a certification authority certificate have on the certification authority?
- What impact does the revocation of the trust status of a root certification authority certificate have on the certification authority
6 thoughts on “Der Zertifizierungsstellen-Dienst startet nicht und wirft die Fehlermeldung „The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED)“”
Comments are closed.