Please help me to deal with self-signed revocation check
I've used makecert.exe to create a root and a client certificate.
The problem is that certutil fails to check the certificate with the error
The revocation function was unable to check revocation for the certificate. 0x80092012
Here are the command parameters I've used to create the root:
makecert.exe -sky signature -pe -n CN=XML_ROOT_TEST -r -sv rootMyCA.pvk -sr LocalMachine -ss Root rootMyCA.cer
and the client certificate:
makecert -pe -ic rootMyCA.cer -n "CN=XML_SIGN_TEST_CERT" -is Root -sv xml_sign_test.pvk -b 01/09/2017 -e 01/09/2019 xml_sign_test.cer
pvk2pfx -pvk xml_sign_test.pvk -spc xml_sign_test.cer -pfx xml_sign_test.pfx -f
Then I've tried to run:
certutil -verify -urlfetch d:\Tests\xml_sign_test.cer
but it fails:
The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614 CRYPT_E_NO_REVOCATION_CHECK)
Revocation check skipped -- no revocation information available
Cannot check leaf certificate revocation status
CertUtil: -verify command completed successfully.
I've tried to use makecert to generate a CRL revocation list as below:
makecert -crl -n CN=XML_ROOT_TEST -sv rootMyCA.pvk rootMyCA.crl
Then I imported this list into Local Machine\Trusted Root Certification Authorities, but no luck; certutil still fails.
How can I generate a CRL properly? Is it possible to generate an X.509 certificate without a revocation check using makecert?