Does KCA publish reason codes for revoked certificates?
Originally Published: 2001-10-08
Article Number
Applies To
Microsoft Windows NT Server
Keon Certificate Authority 5.7
Issue
KCA operating normally
CRL is published to LDAP or HTTP
There are no reason codes given for certificates revoked by KCA
Cause
Resolution
unspecified (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
removeFromCRL (8)
"Unspecified" is universally the default reason code. When KCA decides to publish this, rather than give the reason code along with the revocation it defaults to giving nothing for the reason (applications such as OCSP will pick this up as the unspecified code)
When you publish a suspended certificate in the CRL. the reason code specified by KCA is then reason 6 "certificateHold" and this can be seen in Internet Explorer.
See also Can you specify a reason code for a revoked certificate in KCA?
Related Articles
Provide rules to log more granular challenge reason Number of Views Revoked certificate reason code does not display Number of Views Error: 'Error executing: INSTALLSERVICE; Reason: Installation of RSA Mobile services were not successful.' while installin… Number of Views Error "Reason: Invalid credential" when attempting to configure RSA Via Access Identity Source Number of Views User synchronization failure for other reasons in RSA SecurID Access Cloud Administration Console Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
