none
CA not updating revocation list of superseeded CA certificates

    Question

  • Hello,

    I have a Enterprise Sub-CA running on Server 2012R2. The root is an offline CA. I have a history of 6 CA certificates (0-5) of which 4 & 5 are revoked. There are still many valid certificates issued by certificate no. 3 in the field. The problem is, that the CA is not issuing revocation lists for certificate no. 3 anymore and therefore I'm getting certificate errors. The CA is issuing revocation lists for ca certificates no. 0,2 and 5 though. I don't mind no. 1 as there were no certificates issued by this certificate, but I have to have revocation lists for CA certificate no. 3. The revocation lists are not issued automatically or if triggered by hand.

    Any idea?

    Thanx

    __Leo

    Thursday, May 23, 2019 12:20 PM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    From Certificate revocation list, we can see:

    A CRL is generated and published periodically, often at a defined interval. A CRL can also be published immediately after a certificate has been revoked. A CRL is issued by a CRL issuer, which is typically the CA which also issued the corresponding certificates, but could alternatively be some other trusted authority. All CRLs have a lifetime during which they are valid; this timeframe is often 24 hours or less. During a CRL's validity period, it may be consulted by a PKI-enabled application to verify a certificate prior to use.




    We can check CRL publication interval of this specific CA.

    Or if we try to revoke a certificate manually, check whether the certificate will be in CRLs.

    Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.


    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 24, 2019 5:14 AM
    Moderator
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 27, 2019 1:34 AM
    Moderator
  • Hi,
    Would you please tell me how things are going on your side. If you have any questions or concerns about the information I provided, please don't hesitate to let us know.
     
    Again thanks for your time and have a nice day!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 29, 2019 4:25 AM
    Moderator