Assume the following scenario:
- You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
- The operation fails with the following error message:
The certificate authority is invalid or corrupt. 0x80072f0d (WinHttp: 12045 ERROR_WINHTTP_SECURE_INVALID_CA)
The Certificate Enrollment Web Services (Certificate Enrollment Policy Web Service, CEP, and Certificate Enrollment Web Service, CES) enable the automatic request and renewal of certificates from a certification authority via a Web-based interface. This eliminates the need to contact the certification authority directly via Remote Procedure Call (RPC). For a more detailed description, see the article "Certificate request basics via Certificate Enrollment Web Services (CEP, CES)„.
Possible causes can be:
- The client does not trust the HTTPS (HTTP over Secure Socket Layer, SSL) certificate on the CEP or CES server. Most often, this is because the parent root certificate is not trusted. This must therefore still be imported into the Trusted Root Certification Authorities store.
English 
Deutsch
One thought on “Die Beantragung eines Zertifikats über den Certificate Enrollment Web Service (CES) schlägt fehl mit Fehlercode „ERROR_WINHTTP_INVALID_CA“”
Comments are closed.