The following describes how a certification authority is affected when the root certificate that issued one of its certification authority certificates is imported into the Untrusted Certificates store on that certification authority.
This can happen deliberately, for example when a previous certification authority hierarchy is to be decommissioned.
If the root certificate is imported into the Untrusted Certificates store, the root certificate itself and all subordinate certificates issued under it are treated as if they had been revoked.
The effects of revoking the certification authority certificate are described in the article "What impact does the revocation of a certification authority certificate have on the certification authority?".
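A read-only check an administrator could run on the certification authority before or after such an import, as an added example that is not part of the original article: it builds the chain of each certificate passed to it and reports any chain element whose thumbprint is present in the machine's Untrusted Certificates (Disallowed) store. The function name Test-CaChainDisallowed is an assumption made for this example.

```powershell
# Added example; Test-CaChainDisallowed is a hypothetical helper name.
function Test-CaChainDisallowed {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    begin {
        # Thumbprints currently in the machine-wide "Untrusted Certificates" store
        $disallowed = @(Get-ChildItem Cert:\LocalMachine\Disallowed |
            ForEach-Object { $_.Thumbprint })
    }
    process {
        # $true = build the chain in the machine context, as a service would
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
        # Skip revocation lookups so an unreachable CRL does not mask the result
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $valid = $chain.Build($Certificate)

        # Chain elements (leaf, intermediates, root) that are explicitly untrusted
        $hits = @($chain.ChainElements |
            Where-Object { $disallowed -contains $_.Certificate.Thumbprint } |
            ForEach-Object { $_.Certificate.Subject })

        [pscustomobject]@{
            Subject          = $Certificate.Subject
            Thumbprint       = $Certificate.Thumbprint
            ChainValid       = $valid
            ChainStatus      = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
            DisallowedInPath = $hits
        }
        $chain.Reset()
    }
}

# On a certification authority, the CA certificates are in the machine's personal store
Get-ChildItem Cert:\LocalMachine\My | Test-CaChainDisallowed | Format-List
```

Any certificate listed with a non-empty DisallowedInPath chains to a certificate in the Untrusted Certificates store and falls under the behaviour described above.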
Related links:
- What impact does the revocation of a certification authority certificate have on the certification authority?
- The certification authority service does not start and throws the error message "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT)"
- The certificate authority service does not start and throws the error message "A certificate chain could not be built to a trusted root authority. 0x800b010a (-2146762486 CERT_E_CHAINING)".
- The certificate authority service does not start and throws the error message "The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED)".
- The certificate authority service does not start and throws the error message "0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)".
- What impact does a non-functioning revocation list of a certification authority certificate have on the certification authority?
- What impact does the revocation of the trust status of a root certification authority certificate have on the certification authority?