The certification authority service does not start and throws the error message "The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)".

Assume the following scenario:

  • A certification authority is implemented in the network.
  • The certification authority service does not start.
  • When trying to start the Certification Authority service, you get the following error message:
The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)
Continue reading „Der Zertifizierungsstellen-Dienst startet nicht und wirft die Fehlermeldung „The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)““

Certificate request fails with error message "The certificate request could not be submitted to the certification authority. Error: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)".

Assume the following scenario:

  • A user requests a certificate from an Active Directory integrated certification authority (Enterprise Certification Authority)
  • The certificate request fails with the following error message:
The certificate request could not be submitted to the certification authority. Error: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
Continue reading „Die Beantragung eines Zertifikats schlägt fehl mit Fehlermeldung „The certificate request could not be submitted to the certification authority. Error: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)““

Certificate request fails with error message "Cannot archive private key. The certification authority could not verify one or more key recovery certificates. 0x8009400b (-2146877429 CERTSRV_E_NO_VALID_KRA)".

Assume the following scenario:

  • A user requests a certificate from an Active Directory integrated certification authority (Enterprise Certification Authority).
  • The certificate template is set up for archiving private keys.
  • The certificate request fails with the following error message:
Cannot archive private key. The certification authority could not verify one or more key recovery certificates. 0x8009400b (-2146877429 CERTSRV_E_NO_VALID_KRA)
Continue reading „Die Beantragung eines Zertifikats schlägt fehl mit Fehlermeldung „Cannot archive private key. The certification authority could not verify one or more key recovery certificates. 0x8009400b (-2146877429 CERTSRV_E_NO_VALID_KRA)““

After installing or migrating a certificate authority to a new server, you can no longer publish your own certificate templates

Assume the following scenario:

Continue reading „Nach Installation oder Migration einer Zertifizierungsstelle auf einen neuen Server können keine eigenen Zertifikatvorlagen mehr veröffentlicht werden“

Clients connected via Virtual Private Network (VPN) do not renew certificates automatically

Assume the following scenario:

  • Client computers automatically obtain certificates from an Active Directory integrated certificate authority (Enterprise Certification Authority).
  • Expiring certificates are renewed automatically when the clients are on the internal network.
  • However, expiring certificates are not automatically renewed when clients are connected via Virtual Private Network (VPN).
  • This can result in clients not renewing their certificate in time before it expires and no longer being able to connect to the VPN.
Continue reading „Über Virtual Private Network (VPN) verbundene Clients erneuern Zertifikate nicht automatisch“

Description of the necessary configuration settings for the "Common PKI" certificate profile

The following is a description of what configuration settings are necessary for a certificate hierarchy based on Active Directory Certificate Services to be compliant with the "Common PKI" standard.

Continue reading „Beschreibung der notwendigen Konfigurationseinstellungen für das „Common PKI“ Zertifikatprofil“

Requesting certificates via Certificate Authority Web Enrollment (CAWE) fails with HTTP error code 401 "Unauthorized: Access is denied due to invalid credentials."

Assume the following scenario:

  • A Certificate Authority Web Enrollment (CAWE) server is installed on the network.
  • The role is installed on a separate server, not on the certification authority directly.
  • A user attempts to request a certificate via the certification authority web enrollment or submit an existing certificate request to the certification authority.
  • The user's login to CAWE fails with HTTP code 401 "Unauthorized: Access is denied due to invalid credentials.":
You do not have permission to view this directory or page using the credentials that you supplied.
Continue reading „Die Beantragung eines Zertifikats über die Zertifizierungsstellen-Webregistrierung (CAWE) schlägt fehl mit HTTP Fehlercode 401 „Unauthorized: Access is denied due to invalid credentials.““

Requesting certificates via the Certificate Authority Web Enrollment (CAWE) fails with HTTP error code 403 "Forbidden: Access is denied."

Assume the following scenario:

  • A Certificate Authority Web Enrollment (CAWE) server is installed on the network.
  • The role is installed on a separate server, not on the certification authority directly.
  • A user attempts to request a certificate via the certification authority web enrollment or submit an existing certificate request to the certification authority.
  • The user's login to CAWE fails with HTTP code 403 "Forbidden: Access is denied.":
You do not have permission to view this directory or page using the credentials that you supplied.
Continue reading „Die Beantragung eines Zertifikats über die Zertifizierungsstellen-Webregistrierung (CAWE) schlägt fehl mit HTTP Fehlercode 403 „Forbidden: Access is denied.““

Requesting certificates via the Certificate Authority Web Enrollment (CAWE) fails with error message "No certificate templates could be found.", or the desired certificate template is not displayed

Assume the following scenario:

  • A Certificate Authority Web Enrollment (CAWE) server is installed on the network.
  • The role is installed on a separate server, not on the certification authority directly.
  • A user attempts to submit an existing certificate request to the certification authority via the certification authority web enrollment.
  • The desired certificate template is missing from the list of selectable certificate templates, or the list is completely empty.
  • If the list is empty, the following error message is also issued:
No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.
Continue reading „Die Beantragung eines Zertifikats über die Zertifizierungsstellen-Webregistrierung (CAWE) schlägt fehl mit Fehlermeldung „No certificate templates could be found.“, oder die gewünschte Zertifikatvorlage wird nicht angezeigt“

Perform functional test for certification authority web registration (CAWE)

After installing and configuring Certificate Authority Web Enrollment (CAWE), it is essential to test the component extensively before releasing it to users. Below are instructions for a detailed functional test.

Continue reading „Funktionstest durchführen für die Zertifizierungsstellen-Webregistrierung (CAWE)“

Requesting certificates via Certificate Authority Web Enrollment (CAWE) fails with HTTP error code 500 "Internal Server error".

Assume the following scenario:

  • A Certificate Authority Web Enrollment (CAWE) server is installed on the network.
  • The role is installed on a separate server, not on the certification authority directly.
  • A user attempts to request a certificate via the certification authority web enrollment or submit an existing certificate request to the certification authority.
  • The request takes a very long time and finally fails with HTTP code 500 "Internal server error":
There is a problem with the resource you are looking for, and it cannot be displayed.
Continue reading „Die Beantragung eines Zertifikats über die Zertifizierungsstellen-Webregistrierung (CAWE) schlägt fehl mit HTTP Fehlercode 500 „Internal Server error““

Configure the Certificate Authority Web Enrollment (CAWE) for use with a domain account.

The following describes how to set up Certificate Authority Web Enrollment (CAWE) so that the service runs under a domain account.

Continue reading „Die Zertifizierungsstellen-Webregistrierung (CAWE) für die Verwendung mit einem Domänenkonto konfigurieren“

Requesting certificates via Certificate Authority Web Enrollment (CAWE) fails with error code "ERROR_ACCESS_DENIED".

Assume the following scenario:

  • A Certificate Authority Web Enrollment (CAWE) server is installed on the network.
  • The role is installed on a separate server, not on the certification authority directly.
  • A user attempts to request a certificate via the certification authority web enrollment or submit an existing certificate request to the certification authority.
  • The request fails with the following error message:
Your request failed. An error occurred while the server was processing your request. Contact your administrator for further assistance.

In the details of the error message you will find the following note:

CCertRequest::Submit: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
Continue reading „Die Beantragung eines Zertifikats über die Zertifizierungsstellen-Webregistrierung (CAWE) schlägt fehl mit Fehlercode „ERROR_ACCESS_DENIED““
en_USEnglish
de_DEDeutsch en_USEnglish