Lemonde
  • Lemonde
  • 100% (Exalted)
  • Advanced Member Topic Starter
3 years ago
Upon restarting the certserv we see:

Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 24/12/2020 10:57:35
Event ID: 134
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: 00DC0.domain.local
Description:
A certificate in the chain for CA certificate 0 for domain-00-XAB-CA has expired. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495 CERT_E_EXPIRED).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6a71d062-9afe-4f35-ad08-52134f85dfb9}" />
<EventID>134</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2020-12-24T10:57:35.678450400Z" />
<EventRecordID>4677</EventRecordID>
<Correlation />
<Execution ProcessID="9848" ThreadID="4020" />
<Channel>Application</Channel>
<Computer>00DC0.domain.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_I_CA_CERT_EXPIRED">
<Data Name="CACommonName">domain-00-XAB-CA</Data>
<Data Name="ErrorCode">A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495 CERT_E_EXPIRED)</Data>
<Data Name="CACertIdentifier">0</Data>
</EventData>
</Event>

Is this causing an issue with revocation?
Sponsor

Want to thank us? Use: Patreon or PayPal or Bitcoins: bc1q4whppe29dw77rm4kv4pln0gqae4yjnxly0dny0hky6yhnafukzjsyrsqhk

All opinions expressed within these pages are sent in by members of the public or by our staff in their spare time, and as such do not represent any opinion held by sircles.net Ltd or their partners.


Lemonde
  • Lemonde
  • 100% (Exalted)
  • Advanced Member Topic Starter
3 years ago
I had to renew the root CA certificate which was simply done by right clicking the server in the domain certificate services MMC snap-in and choosing ‘renew root CA certificate.’