For troubleshooting purposes you may find the snippet below useful.

It does the following:

  • dumps out all requests that have been made to the CA server
  • limits the output to the things that are most commonly useful for PKI troubleshooting
  • pipe it to a textfile for later consumption

 ....note that it *will* churn through your entire CA database - so if you have thousands or tens of thousands of requests on the CA then you should take care to both have ample disk space where you pipe the results to and also to preferably do this outside of peak business hours (although if this puts a high load on your CA then your CA is typically underspecced).

Certutil -view -restrict "RequestID>0"
-out RequestID,RequesterName,Request.CommonName,CommonName,
DistinguishedName,UPN,NotBefore,NotAfter,SerialNumber,Disposition,
CertificateTemplate,RevokedWhen,RevokedReason,CertificateHash,SubjectKeyIdentifier,
PublicKeyLength,PublicKeyAlgorithm
>%Computername%-CADBDump.txt

Sample output:

 

See also:

http://blogs.technet.com/b/pki/archive/2008/10/03/disposition-values-for-certutil-view-restrict-and-some-creative-samples.aspx