Cert Server Denying Certs requests - Event ID 21: The certificate is revoked

S

seb

I'm trying to get a new certificate to my router. I revoked the old one and
now I
wanted to get a new one. Each time I go and ask for one I get the Following
on the CA Server (on Windows2000):

Event Type: Error

Event Source: CertSvc
Event Category: None
Event ID: 21
Certificate Services could not process request XX due to an error: The
certificate is revoked.

Anyone know how to solve or workaround this?

Thanks

Seb
 
S

Steven L Umbach

How are you trying to request it? Can the CA issue any computer certificates? Since
you revoked the old one make sure your request is for "new keys" and not existing key
set. --- Steve
 
S

Seb

Thank you for response Steve.
I'm requesting new certificate using mscep.
I'm generating new keys set on router side, getting CA certificate,
authenticating using key obtained by mscep web page, and trying to enroll.
At end on router side I receive message that enrollment was rejected by CA,
and on server side logs message about error in processing.
Seb
 
S

Steven L Umbach

Ok. I can't be of much more help as I have never used mscep to request a cetificate
for a router. The revoked certificate error is puzzling in that a revoked certificate
is a problem if a revoked certiticate is being used for authentication. You are
requesting a new certificate. Unless your old certificate is being used for
authentication in the process somehow. -- Steve
 
S

Seb

Oh, one more thing:
I was able to enroll for certificates for this device few times, things
changed when I enforced publish new CRL. Seems CA wasn't checking CRL for
revoked certificates, when old CRL was valid.
Is any way to edit or clear revoked certificates database?
Seb
 
S

seb

It's working again. Not sure what exactly help, but had to turn off all
servers, including domain controllers, for power maintenance and after that
I was able to get certifcates again.
regards
Seb
 
S

Steven L Umbach

Weird? Something was refreshed or cache cleared with shutting down
everything. Glad you got your certificate though. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Clients cant get new Cert from CA - 0x800b0101 0
Failed Cert Request with MSCEP 2
Certificate Enrollment Denied By CA Server- HELP! 2
can't get new or renew certs from exchange only after root ca cert expired 2
Certificate Authority CRL's 4
2003 SP1 CA keeps denying cert requests 4
Auto Enrollment Event ID: 13 Failed to enroll ... Certificate Access Denied 1
IE claims valid certificate is revoked 1

Top