Starting mini-filter service results in "A certificate was explicitly revoked by its issuer."

Hi,
I’m new to this community. I need some help.

I’ve created the mini-filter and got the sign from Microsoft through hardware portal [As per in this link].

But now there is a problem. Whenever I try to start the service it results in the error “A certificate was explicitly revoked by its issuer.” with the error code “2148204812”. Please help me out to fix this issue.

If you need any information, kindly revert back to me.

Thanks in advance.

To state the obvious:
Sounds to me like you are signing with a certificate which was signed by a certificate which has been revoked. Ask your certificate vendor, since it seems unlikely that the MS cross signing cert has been revoked (or we would have heard)

What happens when you right click on the signing cert? Does it tell you anything? Do you have OpenSSL to hand? if so you could dump the certificate and research the signing certificates

@rod_widdowson Thanks for your response.

What happens when you right click on the signing cert? Does it tell you anything?
No. When I right-click and go to Digital Signatures, I had both my company signature and Microsoft Windows Hardware Comp. Publisher signature.

Do you have OpenSSL to hand? if so you could dump the certificate and research the signing certificates
Can you explain in brief? Because I can’t understand.

??I had both my company signature and Microsoft Windows Hardware Comp. Publisher signature.??
And no red flags about invalidity?

OpenSSL is an open source product (one which pretty much holds the internet together). Amongst the things it can do is poke at various formats and describe in text the contents of various security formats (X509, PKCS* and so on). Most of my experience in the PKI/signing/encryption space is based on these tools rather than the Microsoft stuff so that’s where I’d start looking. If you don’t know of OpenSSL I’d not bother trying to swap it in - Windows must have similar tools, you’ll need to wait for the US to wake up and someone will be able to point you where to go next - it is not beyond the bounds of possibility that the error is a red-herring and that it has nothing to do with certificate chains.

If you go into the windows certificate store (its under MMC, load plugin “Certificates”), you might see a revoked key which is in the chain of the singers of your cert. Don’t forget to do this on the machine you are testing on. But like I say I have (thankfully) not had to to try to swap in the Microsoft spin in key management.

I am running into the same (“A certificate was explicitly revoked by its issuer.”) issue. Let us know if anyone has got further in solving this.

@Damodar said:
I am running into the same (“A certificate was explicitly revoked by its issuer.”) issue. Let us know if anyone has got further in solving this.

me too :frowning:
I use DigiCert EV Code Signing CA (SHA2) and got the sign successed from Microsoft through hardware portal.
But Install driver same error “A certificate was explicitly revoked by its issuer”

You know you’re replying to a thread that’s almost a year old, right?

And THAT reply was to a reply almost a year old.

Not likely to be that much help, given this pattern. If you have an issue, start a proper, new, discussion.

Peter

1 Like