CertEnroll::CX509Enrollment::p_CreateRequest returns error 0x80092012

Hi all,

One of the issues we may find when trying the code in my post How to create a certificate request that uses key archival with CertEnroll (JavaScript) is the following error when creating the request: 

CertEnroll::CX509Enrollment::p_CreateRequest: The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614)  

This error will happen if the CRL of the certificate passed to the KeyArchivalCertificate property of the CMC request can't be accessed. One reason for instance may be that the certificate is just missing a CRL distribution point.

We can check if we can properly download the CRL of a certificate with the following command:

certutil -url certificate.cer

A URL Retrieval Tool will appear for that certificate. We can select "CRLs (from CDP) " in the "Retrieve" section and press the "Retrieve" button. This tool will check if we can access the CRL or not.

 

Note: check this post if you need to clear the CRL cache: CRL gets cached after we do an Online verification with X509Chain.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)