Revoked certificate reason code does not display
Originally Published: 2004-06-10
Article Number
Applies To
Microsoft Windows 2000 Server SP4
Issue
The CRL Reason Code which appears in the published CRL using MS Windows is not the reason code which appears in the certificate. Reason code: "privilegeWithdrawn" shows up as "Unknown CRL Reason(9)".
RFC:
***
5.3.1 Reason Code
The reasonCode is a non-critical CRL entry extension that identifies the reason for the certificate revocation. CRL issuers are strongly encouraged to include meaningful reason codes in CRL entries. However, the reason code CRL entry extension SHOULD be absent instead of using the unspecified (0) reasonCode value.
id-ce-cRLReason OBJECT IDENTIFIER ::= { id-ce 21 }
-- reasonCode ::= { CRLReason }
CRLReason ::= ENUMERATED {
unspecified (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
removeFromCRL (8),
privilegeWithdrawn (9),
aACompromise (10) }
***
Cause
Resolution
Related Articles
Provide rules to log more granular challenge reason Number of Views Error: 'Error executing: INSTALLSERVICE; Reason: Installation of RSA Mobile services were not successful.' while installin… Number of Views Error "Reason: Invalid credential" when attempting to configure RSA Via Access Identity Source Number of Views Does KCA publish reason codes for revoked certificates? Number of Views User synchronization failure for other reasons in RSA SecurID Access Cloud Administration Console Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
