What impact does the expiry of the revocation list of one of the higher-level Certification Authorities have on the Certification Authority?

Unfortunately, in practice it happens from time to time that the revocation list of a higher-level certification authority expires and a renewal does not take place. This can also happen as planned, for example when an old hierarchy is decommissioned.

The certification authority will log event no. 48.

Cause

The expiry of a certificate revocation list is treated by the underlying CAPI2 exactly as if the revocation list was not accessible. The error code returned is CRYPT_E_REVOCATION_OFFLINE.

A detailed description of the consequences can be found in the article "What impact does incorrect revocation information of a certification authority certificate have on the certification authority?".
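A monitoring check for the condition described above, as an added example (not code from the original article or from Microsoft): it reads `thisUpdate` and `nextUpdate` from a DER-encoded CRL with a minimal DER walker and flags a list that has passed `nextUpdate`, the state the article says is handled like an unreachable list. The function names, the two-day warning window and the sample CRL skeleton are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

def tlv(data, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    if pos + length > len(data):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def parse_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) as an aware datetime."""
    text = raw.decode("ascii")
    if tag == 0x17:                        # RFC 5280: YY >= 50 means 19YY, else 20YY
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_validity(crl):
    """Return (thisUpdate, nextUpdate) of a DER CRL; nextUpdate is None if absent."""
    _, start, _ = tlv(crl, 0)              # CertificateList
    _, pos, end = tlv(crl, start)          # tbsCertList
    times = []
    while pos < end and len(times) < 2:    # walk the direct children of tbsCertList
        tag, vstart, vend = tlv(crl, pos)
        if tag in (0x17, 0x18):            # only thisUpdate/nextUpdate are time fields here
            times.append(parse_time(tag, crl[vstart:vend]))
        pos = vend
    if not times:
        raise ValueError("no thisUpdate found; not a CRL?")
    return times[0], (times[1] if len(times) > 1 else None)

def crl_state(crl, now, warn=timedelta(days=2)):
    """Classify a CRL as 'expired', 'expiring' or 'valid' at time `now`."""
    _, next_update = crl_validity(crl)
    if next_update is None:
        return "valid"
    if now > next_update:
        return "expired"                   # the state the article says is treated as offline
    return "expiring" if next_update - now <= warn else "valid"

def _der(tag, body):                       # short-form encoder for the constructed sample
    return bytes([tag, len(body)]) + body
# Constructed sample: CRL skeleton with empty issuer/signature, nextUpdate 2024-01-08.
_TBS = _der(0x30, _der(0x02, b"\x01") + _der(0x30, b"") + _der(0x30, b"")
            + _der(0x17, b"240101000000Z") + _der(0x17, b"240108000000Z"))
SAMPLE_CRL = _der(0x30, _TBS + _der(0x30, b"") + _der(0x03, b"\x00"))
```

For a real list, pass the bytes of the DER-encoded `.crl` file of each higher-level certification authority to `crl_state` together with the current UTC time.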
