Event Source: | Microsoft Windows Security Auditing |
Event ID: | 4872 (0x1308) |
Event log: | Security |
Event type: | Information |
Event text (English): | Certificate Services published the certificate revocation list (CRL). Base CRL: %1 CRL Number: %2 Key Container: %3 Next Publish: %4 Publish URLs: %5 |
Event text (German): | Certificate Services has published the certificate revocation list (CRL). Base CRL: %1 CRL number: %2 Key container: %3 Next publication: %4 Publication URLs: %5 |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: IsBaseCRL (win:UnicodeString)
- %2: CRLNumber (win:UnicodeString)
- %3: KeyContainer (win:UnicodeString)
- %4: NextPublish (win:UnicodeString)
- %5: PublishURLs (win:UnicodeString)
In contrast to operational events, which are often understood under the term "monitoring", auditing for the certification authority is the configuration of logging of security-relevant events.
Example events
Certificate Services published the certificate revocation list (CRL).
Base CRL: Yes
CRL Number: 58
Key Container: ADCS Labor Issuing CA 1
Next Publish: 27.08.2020 12:44 37.811s
Publish URLs: C:\Windows\system32\CertSrv\CertEnroll\ADCS Labor Issuing CA 1.crl; ldap:///CN=ADCS Labor Issuing CA 1,CN=ADCS Labor Issuing CA 1,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=intra,DC=adcslabor,DC=de;
Description
No description has been written for this yet.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
No description has been written for this yet.
Microsoft rating
Microsoft evaluates this event in the Securing Public Key Infrastructure (PKI) Whitepaper with a severity score of "Low".
Related links:
- Overview of audit events generated by the Certification Authority
- Overview of the audit events generated by the online responder (OCSP)
External sources
- Securing Public Key Infrastructure (PKI) (Microsoft)