AD CS Certificate Revocation List (CRL) Publishing

Applies To: Windows Server 2008

Providing clients with the information that they need to determine whether to trust a certificate is one of the most important security functions of a certification authority (CA) and public key infrastructure (PKI). For the administrator, this means promptly revoking untrusted certificates that have not reached their scheduled expiration dates and publishing this information in certificate revocation lists (CRLs). Monitoring and addressing problems with CRL publication and availability is a critical aspect of PKI security.

Events

| Event ID | Source | Message |
|---|---|---|
| 62 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services had problems loading valid certificate revocation list (CRL) publication values and has reset the CRL publication interval to its default settings. |
| 65 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services could not publish a base certificate revocation list (CRL) for key %1 to the following location: %2. %3.%5%6 |
| 66 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services could not publish a delta certificate revocation list (CRL) for key %1 to the following location: %2. %3.%5%6 |
| 67 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services made %1 attempts to publish a certificate revocation list (CRL) and will not attempt to publish a CRL until the next CRL is generated. |
| 74 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services could not publish a base certificate revocation list (CRL) for key %1 to the following location on server %4: %2. %3.%5%6 |
| 75 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services could not publish a delta certificate revocation list (CRL) for key %1 to the following location on server %4: %2. %3.%5%6 |
| 130 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services could not create a certificate revocation list (CRL). %1. This may cause applications that need to check the revocation status of certificates issued by this CA to fail. You can recreate the CRL manually by running the following command: "certutil -CRL". If the problem persists, restart Certificate Services. |
