Assume the following scenario:
- A certification authority has multiple certification authority certificates.
- More than one certification authority certificate uses the same private key because, for example, the certification authority certificate was renewed with the same key pair.
- If one of these certification authority certificates is revoked, the certification authority will also no longer issue revocation lists for the other certification authority certificates that use the same key.
Cause
If a certification authority certificate is revoked, a revocation list is no longer issued for this certification authority certificate.
Since there is only one revocation list per private key, this also affects other certificates of the certification authority if they use the same key.
The same effect occurs when the parent certification authority is entered into the "Untrusted Certificates" store on the certification authority.
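To see which certification authority certificates share a key pair and whether one of them is revoked or distrusted, the following inventory can be run on the certification authority. It is an added example, not part of the original article, and it assumes that the certificates in `Cert:\LocalMachine\My` carrying the CA basic constraint are the certification authority's own; the function names and output columns are chosen for this example.

```powershell
# Added example. Assumption: run on the CA server; certificates in
# Cert:\LocalMachine\My that carry the CA basic constraint are the CA's own.

function Get-KeyHash($Cert) {
    # SHA-256 of the encoded public key: equal for certificates renewed with the same key pair
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hex = [System.BitConverter]::ToString($sha.ComputeHash($Cert.GetPublicKey()))
        ($hex -replace '-').Substring(0, 16)   # shortened for display only
    } finally { $sha.Dispose() }
}

function Get-ChainFlags($Cert) {
    # Chain status as seen by this machine's chain engine (cached or downloaded CRLs)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    [void]$chain.Build($Cert)
    @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
}

$inventory = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] -and
        $_.CertificateAuthority
    }
} | ForEach-Object {
    $flags = Get-ChainFlags $_
    [pscustomobject]@{
        KeyHash    = Get-KeyHash $_
        Thumbprint = $_.Thumbprint
        NotAfter   = $_.NotAfter
        Revoked    = $flags -contains 'Revoked'            # CA certificate itself is revoked
        Distrusted = $flags -contains 'ExplicitDistrust'   # a chain element is in "Untrusted Certificates"
    }
}

# One revocation list per key: a revoked or distrusted certificate affects its whole key group
$inventory | Group-Object KeyHash | ForEach-Object {
    $hit = @($_.Group | Where-Object { $_.Revoked -or $_.Distrusted }).Count -gt 0
    $_.Group | Add-Member -NotePropertyName CrlAffected -NotePropertyValue $hit -PassThru
} | Sort-Object KeyHash, NotAfter | Format-Table -AutoSize
```

Rows with `CrlAffected` set but neither `Revoked` nor `Distrusted` are the certificates that lose their revocation list only because they share the key.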
Solution
The effect only occurs in this form if the revoked certificate is not the current certification authority certificate. Thus, it can be removed from the certification authority configuration.
The procedure is described in the article "Removing old certification authority certificates from the configuration of a certification authority".
Related links:
- Removing old certification authority certificates from the configuration of a certification authority
- What impact does the revocation of a certification authority certificate have on the certification authority?
- What impact does importing a root certificate into the "Untrusted Certificates" store have on the certification authority?