Certutil: Difference between revisions
Jump to navigation
Jump to search
No edit summary (change visibility) |
No edit summary (change visibility) |
||
Line 8: | Line 8: | ||
certutil -store -enterprise ntauth "5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1" | certutil -store -enterprise ntauth "5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1" | ||
certutil -delstore -enterprise ntauth "5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1" | certutil -delstore -enterprise ntauth "5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1" | ||
#get all certs after september with information about the private key | |||
certutil -view -restrict "NotBefore>=9/9/2015" -out "request.submittedwhen,Request.RequesterName,request.rawarchivedkey" | |||
#get all certificates about to expire | |||
$today=Get-Date | |||
$endperiod=$today.AddDays(31) | |||
certutil -view -restrict "NotAfter>=$today,NotAfter<=$endperiod" -out "RequestID,RequesterName,RequestType,Email,NotAfter,CommonName,CertificateTemplate,EnrollmentFlags" | |||
#get all certificates | |||
certutil -view -out CertificateTemplate -restrict "NotBefore > 08/20/2009" csv > out.txt | |||
#get certificates by templatename | |||
certutil -view -restrict "certificate template=1.3.6.1.4.1.311.21.8.2819805.2707949.10374545.1112108.15908497.246.7506132.8196480" -out request.submittedwhen,Request.RequesterName,Request.CallerName,UPN,CommonName,NotAfter,Request.Disposition > c:\Template1-Requests.txt | |||
# or for default templates use the name instead of the OID like so | |||
certutil -view -restrict "certificate template=user" -out request.submittedwhen,Request.RequesterName,Request.CallerName,UPN,CommonName,NotAfter,Request.Disposition | |||
#get certificates by requestor | |||
certutil -view -restrict "RequesterName=CONTOSO\user1" -out SerialNumber,StatusCode | |||
#disposition is the status -> http://blogs.technet.com/b/pki/archive/2008/10/03/disposition-values-for-certutil-view-restrict-and-some-creative-samples.aspx | |||
certutil -view -restrict "RequestId=$,Disposition=20" -out RawCertificate | |||
all columns: https://technet.microsoft.com/nl-be/library/cc783853%28v=ws.10%29.aspx | |||
sources: | |||
* http://blogs.technet.com/b/pki/archive/2008/10/03/disposition-values-for-certutil-view-restrict-and-some-creative-samples.aspx | |||
* https://sysengblog.wordpress.com/2012/04/03/complete-microsoft-certificate-authority-maintenance-procedure/ |
Revision as of 16:53, 30 October 2015
certificate tool
notes
certutil -viewstore "ldap:///CN=NTAuthCertificates,CN=Public Key Services,CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com" certutil -store -enterprise NTAuth certutil -store -enterprise ntauth "5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1" certutil -delstore -enterprise ntauth "5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1"
#get all certs after september with information about the private key certutil -view -restrict "NotBefore>=9/9/2015" -out "request.submittedwhen,Request.RequesterName,request.rawarchivedkey" #get all certificates about to expire $today=Get-Date $endperiod=$today.AddDays(31) certutil -view -restrict "NotAfter>=$today,NotAfter<=$endperiod" -out "RequestID,RequesterName,RequestType,Email,NotAfter,CommonName,CertificateTemplate,EnrollmentFlags" #get all certificates certutil -view -out CertificateTemplate -restrict "NotBefore > 08/20/2009" csv > out.txt #get certificates by templatename certutil -view -restrict "certificate template=1.3.6.1.4.1.311.21.8.2819805.2707949.10374545.1112108.15908497.246.7506132.8196480" -out request.submittedwhen,Request.RequesterName,Request.CallerName,UPN,CommonName,NotAfter,Request.Disposition > c:\Template1-Requests.txt # or for default templates use the name instead of the OID like so certutil -view -restrict "certificate template=user" -out request.submittedwhen,Request.RequesterName,Request.CallerName,UPN,CommonName,NotAfter,Request.Disposition #get certificates by requestor certutil -view -restrict "RequesterName=CONTOSO\user1" -out SerialNumber,StatusCode
#disposition is the status -> http://blogs.technet.com/b/pki/archive/2008/10/03/disposition-values-for-certutil-view-restrict-and-some-creative-samples.aspx certutil -view -restrict "RequestId=$,Disposition=20" -out RawCertificate
all columns: https://technet.microsoft.com/nl-be/library/cc783853%28v=ws.10%29.aspx
sources: