Event Source: | Microsoft-Windows-CertificationAuthority |
Event ID: | 51 (0x33) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | MSG_E_CA_CERT_REVOKED |
Event text (English): | A certificate in the chain for CA certificate %3 for %1 has been revoked. %2. |
Event text (German): | A certificate in the certificate authority certificate chain %3 for %1 has been revoked. %2. |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: CACommonName (win:UnicodeString)
- %2: ErrorCode (win:UnicodeString)
- %3: CACertIdentifier (win:UnicodeString)
Example events
A certificate in the chain for CA certificate 0 for ADCS Labor Issuing CA 3 has been revoked. The certificate is revoked. 0x80092010 (-2146885616 CRYPT_E_REVOKED).
Description
This event occurs when the certification authority service is started if one of the previous certification authority certificates has been revoked by the parent certification authority. See also article "What impact does the revocation of a certification authority certificate have on the certification authority?". If the revocation concerns the current certification authority certificate, the following is displayed instead the event with ID 100 logged.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
The certification authority service will start regularly, so no impact on availability is expected.
Microsoft rating
Microsoft evaluates this event in the Securing Public Key Infrastructure (PKI) Whitepaper with a severity score of "Low".
Related links:
- Overview of Windows events generated by the certification authority
- Overview of audit events generated by the Certification Authority
One thought on “Details zum Ereignis mit ID 51 der Quelle Microsoft-Windows-CertificationAuthority”
Comments are closed.