
Browse by Tags

All Tags » certutil

Disposition values for certutil –view –restrict (and some creative samples)

A while ago I explained how to determine all certificates that will expire within a given period. Now I’d like to explain how to query the CA database based on certificate or request disposition. The disposition IDs are defined in the certsrv.h include
Posted by MS2065 | 0 Comments

How to refresh the CRL cache on Windows Vista

By default, Windows caches Certificate Revocation Lists (CRLs) and CA certificates to quickly verify certificate chains. The downside of this behavior is that a newer CRL is not picked up by the client until the locally cached CRL has expired. Windows
Posted by MS2065 | 1 Comments

Marking private keys as non-exportable with certutil -importpfx

When importing a PFX-file with the certificate import wizard, you can choose if the private key should be exportable or not. Your choice is stored in the key storage property identifier that is key-storage specific. In other words, there is no information
Posted by MS2065 | 2 Comments

A simple way to set the certutil -config option

When you are performing an operation on a remote CA, certutil requires the config string as an input parameter. The common way to find out the config string is to run a certutil -dump command, list all available CAs in the Active Directory forest and copy/past
Posted by MS2065 | 0 Comments

Manually publishing a CA certificate or CRL into a LDAP store

The CA automatically publishes its own certificates and related CRLs into Active Directory if an LDAP reference is configured in the CA property “Extensions”. If you are using a different LDAP server (such as Microsoft ADAM) to make the CA certificate
Posted by MS2065 | 2 Comments

How to find out the max size of certificate attributes

The other day I was asked how many subject alternate names will fit into a single certificate. I asked myself what the best way would be to find out. After a short time of thinking I decided to look at the schema definition of the CA database. The schema
Posted by MS2065 | 0 Comments

Basic CRL checking with certutil

I want to start this blog with a very basic topic: CRL checking. In the past we have documented a lot about CRL checking, but I am still seeing that people have difficulty verifying whether a certificate is valid or not. We have two whitepapers about CRL
Posted by MS2065 | 1 Comments
 