Event ID 4889 – Certificate Services Set The Status Of A Certificate Request To Pending
Event ID | 4889 |
Category | Object Access: Certification Services |
Type | Success Audit |
Certificate Templates and Authorities can be configured to require approval either from an administrator or a certificate manager, before they sign and issue a certificate. If such a configuration is in place, then when a certificate request is received, the CA places it in the Pending Requests folder, and event ID 4889 is logged.
For this event to be logged, the corresponding "Issue and manage certificate requests" feature needs to be enabled in the CA's properties tab.
This log provides the following information:
- Request ID
- Requester
- Attributes
- Disposition
- SKI
- Subject
Why does event ID 4889 need to be monitored?
This event should be monitored to detect anomalous and malicious activity, and to prevent privilege abuse. This log provides details about the request, and the account which requested the certificate.
Pro Tip:
With 200+ reports and real-time email and SMS alerts, ADAudit Plus tracks all certificate services related events, thus helping you meet your security, operational, and compliance needs with absolute ease.
Event 4889 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools