Certutil

From WikiWiki
Jump to navigation Jump to search

certificate tool

notes


 #view ad store
 certutil -viewstore "ldap:///CN=NTAuthCertificates,CN=Public Key Services,CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com"
 certutil -store -enterprise NTAuth
 certutil -store -enterprise ntauth "5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1"
 #delete from ntauth store
 certutil -delstore -enterprise ntauth "5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1"
 #get all certs after september with information about the private key
 certutil -view -restrict "NotBefore>=9/9/2015" -out "request.submittedwhen,Request.RequesterName,request.rawarchivedkey"
 #get all certificates about to expire
 $today=Get-Date
 $endperiod=$today.AddDays(31)
 certutil -view -restrict "NotAfter>=$today,NotAfter<=$endperiod" -out "RequestID,RequesterName,RequestType,Email,NotAfter,CommonName,CertificateTemplate,EnrollmentFlags"
 #get all certificates
 certutil -view -out CertificateTemplate -restrict "NotBefore > 08/20/2009" csv > out.txt 
 #get certificates by templatename
 certutil -view -restrict "certificate template=1.3.6.1.4.1.311.21.8.2819805.2707949.10374545.1112108.15908497.246.7506132.8196480" -out request.submittedwhen,Request.RequesterName,Request.CallerName,UPN,CommonName,NotAfter,Request.Disposition > c:\Template1-Requests.txt
 # or for default templates use the name instead of the OID like so
 certutil -view -restrict "certificate template=user" -out request.submittedwhen,Request.RequesterName,Request.CallerName,UPN,CommonName,NotAfter,Request.Disposition
 #get certificates by requestor
 certutil -view -restrict "RequesterName=CONTOSO\user1" -out SerialNumber,StatusCode
 #disposition is the status -> http://blogs.technet.com/b/pki/archive/2008/10/03/disposition-values-for-certutil-view-restrict-and-some-creative-samples.aspx
 certutil -view -restrict "RequestId=$,Disposition=20" -out RawCertificate
 

all columns: https://technet.microsoft.com/nl-be/library/cc783853%28v=ws.10%29.aspx


sources: