Welcome to MSDN Blogs Sign in | Join | Help

Decrypt my World

Cryptography, Security, Debugging and more!

News

  • Any of my posts is supported under any Microsoft standard support program or service. They are provided "AS IS" without warranty of any kind, and confer no rights.

Where are my readers?

Locations of visitors to this page

Favorite Posts

CertEnroll::CX509Enrollment::p_CreateRequest returns error 0x80092012

Hi all,

One of the issues we may find when trying the code in my post How to create a certificate request that uses key archival with CertEnroll (JavaScript) is the following error when creating the request: 

CertEnroll::CX509Enrollment::p_CreateRequest: The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614) 

This error will happen if the CRL of the certificate passed to the KeyArchivalCertificate property of the CMC request can't be accessed. One reason for instance may be that the certificate is just missing a CRL distribution point.

We can check if we can properly download the CRL of a certificate with the following command:

certutil -url certificate.cer

A URL Retrieval Tool will appear for that certificate. We can select "CRLs (from CDP)" in the "Retrieve" section and press the "Retrieve" button. This tool will check if we can access the CRL or not.

 

Note: check this post if you need to clear the CRL cache: CRL gets cached after we do an Online verification with X509Chain.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

Posted: Thursday, May 28, 2009 11:10 AM by alejacma
Filed under:

Comments

Bhavish said:

Nice message.Great information sharing..Thanks for all.

# May 28, 2009 6:46 AM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

  
Enter Code Here: Required

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker