Partager via


AD CS Certificate Revocation List (CRL) Publishing

Applies To: Windows Server 2008

Providing clients with the information that they need to determine whether to trust a certificate is one of the most important security functions of a certification authority (CA) and public key infrastructure (PKI). For the administrator, this means promptly revoking untrusted certificates that have not reached their scheduled expiration dates and publishing this information in certificate revocation lists (CRLs). Monitoring and addressing problems with CRL publication and availability is a critical aspect of PKI security.

Events

Event ID Source Message

62

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services had problems loading valid certificate revocation list (CRL) publication values and has reset the CRL publication interval to its default settings.

65

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not publish a base certificate revocation list (CRL) for key %1 to the following location: %2. %3.%5%6

66

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not publish a delta certificate revocation list (CRL) for key %1 to the following location: %2. %3.%5%6

67

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services made %1 attempts to publish a certificate revocation list (CRL) and will not attempt to publish a CRL until the next CRL is generated.

74

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not publish a base certificate revocation list (CRL) for key %1 to the following location on server %4: %2. %3.%5%6

75

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not publish a delta certificate revocation list (CRL) for key %1 to the following location on server %4: %2. %3.%5%6

130

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not create a certificate revocation list (CRL). %1. This may cause applications that need to check the revocation status of certificates issued by this CA to fail. You can recreate the CRL manually by running the following command: "certutil -CRL". If the problem persists, restart Certificate Services.

AD CS Certification Authority (CA)

Active Directory Certificate Services