Disabling the generation of cross-certification authority certificates on a root certification authority

Root certification authorities (root CAs) generate so-called cross-certification authority certificates (cross-signing) when the certification authority certificate is renewed.

Sometimes problems occur in this process, as described, for example, in the article "Certificate authority certificate request fails with error message "The certification authority's certificate contains invalid data. 0x80094005 (-2146877435 CERTSRV_E_INVALID_CA_CERTIFICATE)"".

In such a case, one may want to stop the creation of the cross-certification authority certificates.

This is possible with the following command, run on the root certification authority:

certutil -setreg CA\CRLFlags +CRLF_DISABLE_ROOT_CROSS_CERTS

A restart of the certification authority service is required for the settings to take effect.
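
The same change with a check before and after, as an added PowerShell example that is not part of the original article. The registry path with its Active value, the CAType values and the 0x1000 bit value are assumptions taken from the usual AD CS configuration layout and the certsrv.h header, not from this page.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Run on the root CA itself.
$ErrorActionPreference = 'Stop'

# Assumption: bit value of CRLF_DISABLE_ROOT_CROSS_CERTS as defined in certsrv.h.
$DisableRootCrossCerts = 0x1000
$configKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

function Get-CaSetting([string]$Name) {
    # The "Active" value names the subkey holding the running CA's configuration.
    $active = (Get-ItemProperty -LiteralPath $configKey -Name Active).Active
    $caKey  = Join-Path $configKey $active
    (Get-ItemProperty -LiteralPath $caKey -Name $Name).$Name
}

# CAType 0 = enterprise root, 3 = standalone root; the flag only matters on a root CA.
$caType = Get-CaSetting 'CAType'
if ($caType -notin 0, 3) {
    throw "CAType is $caType, so this is not a root CA; nothing to change."
}

$before = [int](Get-CaSetting 'CRLFlags')
'CRLFlags before: 0x{0:X}' -f $before

if ($before -band $DisableRootCrossCerts) {
    'CRLF_DISABLE_ROOT_CROSS_CERTS is already set; no change made.'
    return
}

# The command from the article; "CA\" resolves to the active CA's registry key.
certutil.exe -setreg 'CA\CRLFlags' '+CRLF_DISABLE_ROOT_CROSS_CERTS'
if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }

# The setting takes effect only after the CA service has been restarted.
Restart-Service -Name certsvc

$after = [int](Get-CaSetting 'CRLFlags')
'CRLFlags after:  0x{0:X}' -f $after
if (-not ($after -band $DisableRootCrossCerts)) {
    throw 'Flag is still not set after the change; check the certutil output above.'
}
'Cross-certificate generation is disabled for future CA certificate renewals.'
```

To revert, the same certutil command with -CRLF_DISABLE_ROOT_CROSS_CERTS clears the flag, again followed by a service restart.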
