Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Sept/Oct 2019 Issue of The NT Insider available


Download PDF here: http://insider.osr.com/2019/ntinsider_2019_01.pdf

It’s a particularly BIG issue, too: 40 pages of technical goodness, ranging from WDF to Minifilters. Check it out.
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Starting mini-filter service results in "A certificate was explicitly revoked by its issuer."

Arunkalai711Arunkalai711 Member Posts: 2

Hi,
I'm new to this community. I need some help.

I've created the mini-filter and got the sign from Microsoft through hardware portal [As per in this link].

But now there is a problem. Whenever I try to start the service it results in the error "A certificate was explicitly revoked by its issuer." with the error code "2148204812". Please help me out to fix this issue.

If you need any information, kindly revert back to me.

Thanks in advance.

Comments

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,054

    To state the obvious:
    Sounds to me like you are signing with a certificate which was signed by a certificate which has been revoked. Ask your certificate vendor, since it seems unlikely that the MS cross signing cert has been revoked (or we would have heard)

    What happens when you right click on the signing cert? Does it tell you anything? Do you have OpenSSL to hand? if so you could dump the certificate and research the signing certificates

  • Arunkalai711Arunkalai711 Member Posts: 2

    @rod_widdowson Thanks for your response.

    What happens when you right click on the signing cert? Does it tell you anything?

    No. When I right-click and go to Digital Signatures, I had both my company signature and Microsoft Windows Hardware Comp. Publisher signature.

    Do you have OpenSSL to hand? if so you could dump the certificate and research the signing certificates

    Can you explain in brief? Because I can't understand.

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,054

    ??I had both my company signature and Microsoft Windows Hardware Comp. Publisher signature.??
    And no red flags about invalidity?

    OpenSSL is an open source product (one which pretty much holds the internet together). Amongst the things it can do is poke at various formats and describe in text the contents of various security formats (X509, PKCS* and so on). Most of my experience in the PKI/signing/encryption space is based on these tools rather than the Microsoft stuff so that's where I'd start looking. If you don't know of OpenSSL I'd not bother trying to swap it in - Windows must have similar tools, you'll need to wait for the US to wake up and someone will be able to point you where to go next - it is not beyond the bounds of possibility that the error is a red-herring and that it has nothing to do with certificate chains.

    If you go into the windows certificate store (its under MMC, load plugin "Certificates"), you might see a revoked key which is in the chain of the singers of your cert. Don't forget to do this on the machine you are testing on. But like I say I have (thankfully) not had to to try to swap in the Microsoft spin in key management.

  • DamodarDamodar Member Posts: 1
    edited August 27

    I am running into the same ("A certificate was explicitly revoked by its issuer.") issue. Let us know if anyone has got further in solving this.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Writing WDF Drivers 21 Oct 2019 OSR Seminar Space & ONLINE
Internals & Software Drivers 18 Nov 2019 Dulles, VA
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 27 Apr 2020 OSR Seminar Space & ONLINE