Assume the following scenario:
CertUtil: -view command FAILED: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)Continue reading „Abfragen gegen die Zertifizierungsstellen-Datenbank schlagen fehl mit Fehlermeldung „0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)““
If private key archiving has been enabled, it may be necessary to export these keys from the certificate authority database and convert them to another format (PKCS#12, PFX), for example for long-term archiving.
Below is a description of the procedure for exporting individual or all archived keys and obtaining the necessary meta-information.
Continue reading „Exportieren archivierter privater Schlüssel aus der Zertifizierungsstellen-Datenbank“Assume the following scenario:
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT)Continue reading „Der Zertifizierungsstellen-Dienst startet nicht und wirft die Fehlermeldung „A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT)““
If you want to perform maintenance work such as Migration to another server or perform more extensive configuration changes requiring a functional test on a certification authority, you want to ensure that the certification authority service is running, but at the same time prevent certificates from being automatically requested from and issued by the certification authority during this phase.
Continue reading „Eine Active Directory integrierte Zertifizierungsstelle (Enterprise Certification Authority) in den Wartungsmodus versetzen“All applications that use the Microsoft Cryptographic Application Programming Interface Version 2 (Crypto API Version 2, CAPI2) have a mechanism for caching certificate revocation information (Certificate revocation lists and OCSP-answers).
Thus, there is no guarantee that, for example, a newly published blacklist will be used by participants before the previous blacklist, which is still in the cache, has expired.
The following describes how to view and influence the blacklist cache.
Continue reading „Den Adress-Zwischenspeicher für Sperrlisten (CRL URL Cache) einsehen und löschen“The following describes the impact on Certification Authority operations when one of the Certification Authority certificates of a Certification Authority is revoked.
This case may also occur as planned, for example, when a previous certification authority hierarchy is to be decommissioned.
Continue reading „Welchen Einfluss hat der Widerruf eines Zertifizierungsstellen-Zertifikats auf die Zertifizierungsstelle?“The following describes the effects on certification authority operation if the revocation information for one of the certification authority's certificates cannot be retrieved.
This case may also occur as planned, for example, when a previous certification authority hierarchy is to be decommissioned.
Continue reading „Welchen Einfluss haben fehlerhafte Sperrinformationen eines Zertifizierungsstellen-Zertifikats auf die Zertifizierungsstelle?“The following describes the impact on certification authority operations if one of the root certification authority certificates from which one of the certification authority certificates is derived has its trust status revoked, or never had it.
This case may also occur as planned, for example, when a previous certification authority hierarchy is to be decommissioned.
Continue reading „Welchen Einfluss hat der Entzug des Vertrauensstatus eines Stammzertifizierungsstellen-Zertifikats auf die Zertifizierungsstelle?“Assume the following scenario:
The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED)Continue reading „Der Zertifizierungsstellen-Dienst startet nicht und wirft die Fehlermeldung „The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED)““
Assume the following scenario:
A certificate chain could not be built to a trusted root authority. 0x800b010a (-2146762486 CERT_E_CHAINING)Continue reading „Der Zertifizierungsstellen-Dienst startet nicht und wirft die Fehlermeldung „A certificate chain could not be built to a trusted root authority. 0x800b010a (-2146762486 CERT_E_CHAINING)““
Assume the following scenario:
The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)Continue reading „Der Zertifizierungsstellen-Dienst startet nicht und wirft die Fehlermeldung „The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)““
Assume the following scenario:
The certificate request could not be submitted to the certification authority. Error: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)Continue reading „Die Beantragung eines Zertifikats schlägt fehl mit Fehlermeldung „The certificate request could not be submitted to the certification authority. Error: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)““
Assume the following scenario:
Cannot archive private key. The certification authority could not verify one or more key recovery certificates. 0x8009400b (-2146877429 CERTSRV_E_NO_VALID_KRA)Continue reading „Die Beantragung eines Zertifikats schlägt fehl mit Fehlermeldung „Cannot archive private key. The certification authority could not verify one or more key recovery certificates. 0x8009400b (-2146877429 CERTSRV_E_NO_VALID_KRA)““
Assume the following scenario:
Assume the following scenario:
English 
Deutsch