Re: Certificate Authority Removed

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: BP (jobseeker04_at_iwon.com)
Date: 02/08/05 

Date: Tue, 8 Feb 2005 11:01:10 -0500

Thanks Oleg,
Oddly the .crl part of message only showes up once a month or so in logs.

"Oleg Ivanov [MSFT]" <someone@online.microsoft.com> wrote in message
news:42086c77$1@news.microsoft.com...
> It looks like something is trying to get Certificate Revocation List from
> the authority.
> Here is one article that talks about how this can work:
> http://www.windowsitpro.com/Windows/Articles/ArticleID/21934/pg/4/4.html
>
> Oleg
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "BP" <jobseeker04@iwon.com> wrote in message
> news:#GgLSX9CFHA.1564@TK2MSFTNGP09.phx.gbl...
> > Looks like I'm on my on my own here.
> > When I figure it out will post resolve.
> >
> > "BP" <jobseeker04@iwon.com> wrote in message
> > news:%23zBXL8hCFHA.392@TK2MSFTNGP14.phx.gbl...
> > > Hi all,
> > > I removed our win2k Pki root authority certificate server some
> > > time ago where root iis5.0 web server exists, now seeing crypto
> > > errors in W3svc root log for the old authority like it still exists but
> > > can not connect to it. Tried removing any old root server certificate
> > > store objects from AD with Ldp showing no results. It looks like
> > > iis5.0 metabase still referencing this old authority?. The root web
> > > has no/never had certificate selected for security, not sure where these
> > > repeated messages come from but it clogs the logs daily hourly
> > > and would like to clean it up or know why this has occurred.
> > > Anyone have a clue or idea?
> > > Thanks much
> > >
> > > Note: NAME = PKI domain removed to remain anonymous
> > >
> > > 192.168.10.1 80 GET /CertEnroll/---->
> > >
> > > CA-NAME+Enterprise+Trust+Authority.crl - 404 861
> > > CryptRetrieveObjectByUrl::InetSchemeProvider
> > > CA-NAME.crt - 404 10 CryptRetrieveObjectByUrl::InetSchemeProvide
> > >
> > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: CAn CRL and GPO
    ... not integrated in my local domain. ... Domain users use outlook as mailer software. ... You can publish the CRL for a standalone CA to both web and LDAP ... = While online, check for Certificate Revocation ...
    (microsoft.public.windows.server.security)
  • CRL distribution points checking
    ... The CRL distribution points are included in the CRL Distribution Points property of the certificate. ... contacted to check for certificate revocation, then the certificate revocation check fails. ...
    (microsoft.public.security)
  • Re: crl.verisign.com is ok?
    ... CRL stands for Certificate Revocation List. ... certificate-signed program will check the CRL to see if the program's signature ... UNCHECKING "check for publishers certificate revocation" in your IE browser ... Update Available to Revoke Fraudulent Microsoft Certificates Issued by VeriSign ...
    (comp.security.firewalls)
  • Re: Zone alarm giving false alert?
    ... CRL stands for Certificate Revocation List. ... or by UNCHECKING "check for publishers certificate revocation" in your IE ... More information available in this Microsoft Knowledge Base article (so you can ... Update Available to Revoke Fraudulent Microsoft Certificates Issued by VeriSign ...
    (comp.security.firewalls)