Event Source: | Microsoft-Windows-CertificationAuthority |
Event ID: | 128 (0x80) |
Event log: | Application |
Event type: | Warning |
Symbolic Name: | MSG_W_REQUEST_CONTAINS_AKI |
Event text (English): | An Authority Key Identifier was passed as part of the certificate request %1. This feature has not been enabled. To enable specifying a CA key for certificate signing, run: "certutil -setreg ca\UseDefinedCACertInRequest 1" and then restart the service. |
Event text (German): | A job key identifier was passed as part of the %1 certificate request. This feature is not enabled. To specify a certificate authority key for certificate signing, run the certutil -setreg ca\UseDefinedCACertInRequest 1 command and restart the service. |
Parameters
The parameters contained in the event text are filled with the following fields:
- %1: RequestId (win:UnicodeString)
Example events
An Authority Key Identifier was passed as part of the certificate request 166131. This feature has not been enabled. To enable specifying a CA key for certificate signing, run: "certutil -setreg ca\UseDefinedCACertInRequest 1" and then restart the service.
Description
This event occurs when a certificate request includes an Authority Key Identifier (AKI) extension, but the certificate authority does not allow it.
The AKI extension is used, for example, by the Online Responder (OCSP) to have its OCSP response signing certificate signed with a specific certification authority key. This matters when the certification authority has multiple certification authority certificates: the OCSP response signing certificate must always be signed by the same key as the certificate whose revocation status the Online Responder is to check.
See also the article "Allow requesting a specific signature key on a certification authority".
See also Event no. 35 of the online responder.
Security assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
If the lifecycle process for certification authorities provides for renewal with a new key pair, an alert should be issued because the availability of the online responder's revocation configuration is affected and errors or undesirable behavior may occur during certificate revocation checks.
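One way to surface this event for alerting, as an added example that is not part of the original page: the script lists recent occurrences on a CA server, looks up who submitted each request, and shows the current value of the setting named in the event text. The seven-day look-back window and the use of the first event property as the RequestId (taken from the parameter list above) are assumptions.

```powershell
# Added example: find event 128 on a certification authority and show context.
# Run in an elevated PowerShell session on the CA server.

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificationAuthority'
    Id           = 128
    StartTime    = (Get-Date).AddDays(-7)   # assumed look-back window
}

# Get-WinEvent writes an error when nothing matches, so suppress it here
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$hits = foreach ($e in $events) {
    # %1 of the event text is the RequestId (assumed to be the first property)
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Computer    = $e.MachineName
        RequestId   = [string]$e.Properties[0].Value
    }
}

if ($hits) {
    $hits | Sort-Object TimeCreated | Format-Table -AutoSize
    Write-Warning ("{0} request(s) contained an AKI while the feature was disabled." -f @($hits).Count)

    # Look up requester and template for each affected request in the CA database
    foreach ($id in ($hits.RequestId | Sort-Object -Unique)) {
        certutil -view -restrict "RequestID=$id" -out "RequestID,RequesterName,CertificateTemplate"
    }
} else {
    Write-Output 'No event 128 found in the look-back window.'
}

# Current value of the setting the event text refers to.
# certutil reports an error if the value has never been set.
certutil -getreg ca\UseDefinedCACertInRequest
```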
Microsoft rating
Microsoft evaluates this event in the Securing Public Key Infrastructure (PKI) Whitepaper with a severity score of "Low".
Related links:
- Overview of Windows events generated by the certification authority
- Overview of audit events generated by the Certification Authority