When installing a new certificate authority certificate, you get the error message "The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614 CRYPT_E_NO_REVOCATION_CHECK)".

Assume the following scenario:

  • A new certification authority certificate is installed on the certification authority, either because the certification authority was newly installed or because its certificate was renewed.
  • During the installation you get the following error message:
Cannot verify certificate chain. Do you wish to ignore the error and continue? The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614 CRYPT_E_NO_REVOCATION_CHECK)

This warning is generated if the new certification authority certificate does not contain any certificate revocation list distribution points (CDP). These should be entered in the certificate by the higher-level certification authority when signing the certification authority certificate.

If possible, you should therefore cancel and ask the higher-level certification authority to enter the CDP paths. If this is not possible, you can still install the CA certificate, but it cannot then be checked for revocation.
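To see before installation whether the certificate issued by the higher-level certification authority carries a CDP extension, it can be inspected as in the following added example (not part of the original article). The function name and the file path are placeholders; 2.5.29.31 is the standard OID of the CRL Distribution Points extension, and the "URL=" line matching assumes the Windows text rendering of that extension.

```powershell
# Added example: inspect a CA certificate file for a CDP extension before installing it.
# Test-CaCertificateCdp is a hypothetical helper name, not a built-in cmdlet.
function Test-CaCertificateCdp {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # Load the certificate from a .cer/.crt file (DER or Base64 encoded).
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)

    # 2.5.29.31 = CRL Distribution Points (CDP) extension.
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }

    $entries = @()
    if ($cdp) {
        # Format($true) renders the extension as multi-line text; on Windows
        # each distribution point is shown on a line containing "URL=".
        $entries = @($cdp.Format($true) -split "`r?`n" |
            Where-Object { $_ -match 'URL=' } |
            ForEach-Object { $_.Trim() })
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        HasCdp     = [bool]$cdp
        CdpEntries = $entries
    }
}

# Placeholder path: point this at the certificate returned by the higher-level CA.
$result = Test-CaCertificateCdp -Path 'C:\Temp\NewCaCertificate.cer'
$result | Format-List

if (-not $result.HasCdp) {
    Write-Warning 'No CDP extension found: expect CRYPT_E_NO_REVOCATION_CHECK during installation.'
}
```

If HasCdp is False, the certificate has no distribution points and the higher-level certification authority would need to reissue it with the CDP paths entered.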

You can also suppress the message altogether by running the following command on the certification authority:

certutil -setreg CA\CRLFlags +CRLF_REVCHECK_IGNORE_NOREVCHECK

However, this is not mandatory, as a warning is only generated once during the installation of the certification authority certificate.
