Event Source: | Microsoft-Windows-CertificationAuthority |
Event ID: | 48 (0x30) |
Event log: | Application |
Event type: | Warning |
Symbolic Name: | MSG_E_CA_CERT_REVOCATION_OFFLINE |
Event text (English): | Revocation status for a certificate in the chain for CA certificate %3 for %1 could not be verified because a server is currently unavailable. %2. |
Event text (German): | The revocation status of a certificate in the %3 certificate authority chain for %1 could not be verified because the server is currently unavailable. %2. |
Parameters
The parameters contained in the event text are filled with the following fields:
- %1: CACommonName (win:UnicodeString)
- %2: ErrorCode (win:UnicodeString)
- %3: CACertIdentifier (win:UnicodeString)
Example events
Revocation status for a certificate in the chain for CA certificate 2 for ADCS Labor Issuing CA 3 could not be verified because a server is currently unavailable. The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE).
Description
The event occurs when the revocation status for one of the previous (not the current) certificate authority certificates cannot be checked. This can have the following causes:
- The revocation list in question has expired, see article "What impact does the expiry of the revocation list of one of the higher-level Certification Authorities have on the Certification Authority?"
- The revocation list in question cannot be downloaded, see article "What impact does incorrect revocation information of a certification authority certificate have on the certification authority?"
Note that CAPI returns the same error code, CRYPT_E_REVOCATION_OFFLINE, for an expired revocation list and for an unreachable revocation list.
The Certification Authority service will start normally.
If the current certification authority certificate is affected, the event with ID 100 is generated and the certification authority service does not start. See the article "The certification authority service does not start and throws the error message 'The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)'".
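As an added example (not part of the original page), the following parser handles the rendered text of event 48 as it might arrive in a log pipeline. It is built from the message template and example event shown above; the function names are assumptions made for illustration, and the sample input is this page's example event.

```python
import re

# Message template for event 48 as given on this page (%3, %1, %2 in order of appearance).
EVENT_48 = re.compile(
    r"Revocation status for a certificate in the chain for CA certificate "
    r"(?P<cert_id>\d+) for (?P<ca_name>.+?) could not be verified because "
    r"a server is currently unavailable\. (?P<error>.+)",
    re.DOTALL,
)
# Trailing "0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)" part of %2.
ERROR_CODE = re.compile(r"(0x[0-9A-Fa-f]{8}) \((-?\d+) (\w+)\)")


def parse_event_48(message):
    """Return the event's fields as a dict, or None if the text is not event 48."""
    m = EVENT_48.match(message.strip())
    if not m:
        return None
    fields = {"ca_name": m["ca_name"], "ca_cert_id": int(m["cert_id"]),
              "error_text": m["error"], "hresult": None, "symbol": None}
    code = ERROR_CODE.search(m["error"])
    if code:
        value = int(code[1], 16)
        # The decimal form is the same HRESULT read as a signed 32-bit integer.
        signed = value - (1 << 32) if value & 0x80000000 else value
        if signed == int(code[2]):  # keep the code only if both forms agree
            fields["hresult"], fields["symbol"] = value, code[3]
    return fields


def triage(fields):
    """List the causes to check; the error code alone cannot tell them apart."""
    if fields["symbol"] == "CRYPT_E_REVOCATION_OFFLINE":
        return ["revocation list expired", "revocation list cannot be downloaded"]
    return ["unrecognized error code, inspect error_text"]


# Sample input: the example event text from this page.
SAMPLE = (
    "Revocation status for a certificate in the chain for CA certificate 2 for "
    "ADCS Labor Issuing CA 3 could not be verified because a server is currently "
    "unavailable. The revocation function was unable to check revocation because "
    "the revocation server was offline. "
    "0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)."
)

if __name__ == "__main__":
    event = parse_event_48(SAMPLE)
    print(event["ca_name"], event["ca_cert_id"], hex(event["hresult"]), triage(event))
```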
Security assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
Since this event only occurs when the current certificate authority certificate is not affected, there should be no impact on availability.
Microsoft rating
Microsoft evaluates this event in the Securing Public Key Infrastructure (PKI) Whitepaper with a severity score of "Low".
Related links:
- Overview of Windows events generated by the certification authority
- Overview of audit events generated by the Certification Authority