Certificate Authority

  • Thread starter Thread starter Frank Durham
  • Start date Start date
F

Frank Durham

Greetings-

I am having a problem with one of my CA's. It was time to renew the subordinates certificate. I attempted to renew and an new certificate was issued. When the CA tries to start up it spits out an erros message of Invalid Signature. Has anyone seen this error message before, and if so what did you do to resolve it?

I alos get event ID 42 and 7024.
Source: Event Service manager
Event: 7024
Description: The Certificate Services service terminated with service-specific error 2148073478

Source: Certsvr
Event: 42
Description: Certificate Services did not start: Could not build CA certificate chain for Issuing SEI CA. Invalid Signature. 0x80090006 (-2146893818).

Frank
 
Check and see that the new certificate and matching private key shows in the certificate store of the CA that you requested the new certificate for. You can use the mmc snapin for certificates for computer to do such and you can look at all the property pages of the certificate to see if there is an obvious problem. Possibly you have a problem with that CA having an expired CRL. You may be able to use Web Enrollment to request a new CRL from the CA that issued the certificate to your subordinate CA. The link below may help. --- Steve

http://www.microsoft.com/technet/security/topics/cryptographyetc/tshtcrl.mspx
Greetings-

I am having a problem with one of my CA's. It was time to renew the subordinates certificate. I attempted to renew and an new certificate was issued. When the CA tries to start up it spits out an erros message of Invalid Signature. Has anyone seen this error message before, and if so what did you do to resolve it?

I alos get event ID 42 and 7024.
Source: Event Service manager
Event: 7024
Description: The Certificate Services service terminated with service-specific error 2148073478

Source: Certsvr
Event: 42
Description: Certificate Services did not start: Could not build CA certificate chain for Issuing SEI CA. Invalid Signature. 0x80090006 (-2146893818).

Frank
 
Back
Top