I have a test environment with an offline root CA, and a member server as a SubCA \ issuing CA.
During installation of the issuing CA, the original Issuing CA cert was revoked and a new cert issued. The revoked cert shows correctly as revoked in the properties of the CA, and the replacement shows as well.
Having checked the certsrv website, the correct (valid) cert is showing in the site properties so don't think that the old cert is being used anywhere.
However, I'm seeing a few issues. On server restart, the following error is logged in the event log. I cannot find why this is an issue. Any thoughts?
Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 09/11/2020 15:39:51
Event ID: 51
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: app001.domain.eng
Description:
A certificate in the chain for CA certificate 0 for APP001-CA has been revoked. The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" />
<EventID>51</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2020-11-09T15:39:51.249248000Z" />
<EventRecordID>103898</EventRecordID>
<Correlation />
<Execution ProcessID="1784" ThreadID="1788" />
<Channel>Application</Channel>
<Computer>app001.domain.eng</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_CA_CERT_REVOKED">
<Data Name="CACommonName">APP001-CA</Data>
<Data Name="ErrorCode">The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED)</Data>
<Data Name="CACertIdentifier">0</Data>
</EventData>
</Event>
Other issues I'm having include problems with permissions on templates, and issuing certs with private keys, but would like to rule the above out first.
Any suggestions welcome.
Thanks
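The event reports a chain failure for CA certificate 0, the CA's first (and now revoked) certificate, which the CA service validates alongside its renewed certificate at startup. The following added PowerShell, not from the original post, reproduces that chain check for each certificate of the CA in the local machine store so the per-certificate status can be seen directly; the CA name APP001-CA is taken from the event, and numbering the certificates by NotBefore to mirror the CA certificate index is an assumption.

```powershell
# Added example: build and validate the chain for each CA certificate the way
# the CA service does at startup. Assumes the CA common name from the event;
# the index printed is derived from NotBefore order (assumption).
$caName = 'APP001-CA'

# The CA keeps every version of its own certificate in the computer's
# Personal store (original and renewed), so select all of them.
$caCerts = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caName*" } |
    Sort-Object NotBefore

$index = 0
foreach ($cert in $caCerts) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Check revocation for the whole chain using online CRL retrieval.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $ok = $chain.Build($cert)

    Write-Host ("CA certificate {0}: thumbprint {1}, valid {2:d} to {3:d}" -f `
        $index, $cert.Thumbprint, $cert.NotBefore, $cert.NotAfter)
    if ($ok) {
        Write-Host '  chain status: NoError'
    } else {
        foreach ($status in $chain.ChainStatus) {
            # A 'Revoked' status corresponds to CRYPT_E_REVOKED (0x80092010),
            # the error code quoted in event ID 51.
            Write-Host ("  chain status: {0} - {1}" -f $status.Status, $status.StatusInformation.Trim())
        }
    }
    $index++
}
```

Any status other than NoError on one of the listed certificates is the condition the CA service reports as event ID 51 for that CA certificate index.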