Windows PKI blog
News and information for public key infrastructure (PKI) and Active Directory Certificate Services (AD CS) professionals
A Certificate could not be created
Active Directory Domain Services
AD CS documentation updates
Advanced CA Configuration
automatic updater of CTL
Backup Private Keys ADCS 2008 R2 p12 CA
blocking less than 1024 bit keys
blocking less than 1024 bit RSA keys
blocking weak keys
certificate export wizard
Certificate Revocation List
certificate services questions
decomission CA Windows Server 2008 R2
determine if used
does not work
EFS Key Recover
Encrypted File System
Event ID 29
fails does not work IE 9 Internet Explorer 9 Certificate Authority Web Enrollment
Homeland Security Presidential Directive 12
Internet Explorer 10
LDAP SSL LDAPS
OCSP PKIVIEW certificate certification authority snap-in
offline CA maintenance
PKI documentation and Reference Library
Public Key Infrastructure
security update pki web services enrollment
SHA2 NIST SP800-78-2 SP800-57
smart card logon
Browse by Tags
Windows PKI blog
Tagged Content List
Certutil and Certreq
Kurt L Hudson MSFT
I have consolidated and updated two command line utilities recently: Certreq Certutil I took all the older links that I could find and pointed them to the locations above and then pointed out to the examples that we have already. Feel free to give me feedback on these consolidated documents...
8 Mar 2013
How to get request statistics by template in PowerShell
Alex Radutskiy [MSFT]
I’ve been working with our support folks helping one of our customers. One of the things we wanted to learn about the environment is how many requests have been made for each certificate template that they issue. We have come up with this PowerShell script that you can run against a CA to find out. ...
9 Sep 2009
Defining the friendly name certificate property
The friendly name of a certificate can be helpful if multiple certificates with a similar subject exist in a certificate store. One way to set the friendly name is through the certificate MMC SnapIn. Alternatively certutil.exe can be used in the following way: Open Notepad and past the following text...
12 Dec 2008
Disposition values for certutil –view –restrict (and some creative samples)
A while ago I explained how to determine all certificates that will expire within a given period. Now I’d like to explain how to query the CA database based on certificate or request disposition. The disposition ID’s are defined in the certsrv.h include file in the Windows SDK. The following two tables...
3 Oct 2008
Marking private keys as non-exportable with certutil -importpfx
When importing a PFX-file with the certificate import wizard, you can choose if the private key should be exportable or not. Your choice is stored in the key storage property identifier that is key-storage specific. In other words, there is no information in the certificate about the exportability of...
29 Jul 2007
A simple way to set the certutil -config option
When you are performing an operation on a remote CA, certutil requires the config string as input parameter. The common way to find out the config string is to run a certutil -dump command, list all available CAs in the Active Directory forest and copy/past the config parameter from the dump into the...
12 May 2007
Manually publishing a CA certificate or CRL into a LDAP store
The CA is automatically publishing its own certificates and related CRLs into Active Directory if a LDAP reference is configured in the CA property “Extensions”. If you are using a different LDAP server (such as Microsoft ADAM ) to make the CA certificate and CRL available, certificates and CRLs must...
13 Apr 2007
How to find out the max size of certificate attributes
The other day I was asked how many subject alternate names will fit into a single certificate. I asked myself what the best way would be to find out. After a short time of thinking I decided to look at the schema defintion of the CA database. The schema will tell for sure how many characters fit into...
26 Feb 2007
How to manually set the archive flag for certifictes
If you have to select a certain certificate for authentication for example, you may wonder why several certificates are presented by the UI. Internet Explorer may offer several client authentication certificates while securely connecting to a web site or Outlook presents a number of certificates that...
22 Feb 2007
Page 1 of 1 (9 items)
© 2013 Microsoft Corporation.
Privacy & Cookies