View Intermediate CA certificate store
To view the content of the client computer’s Intermediate Certification Authorities certificate store, type the following command at a command-line prompt.C:\Windows\System32>certutil -enterprise -viewstore CA
View NTAuth Container
To view the content of the NTAuth container in AD DS for a domain named Corp.contoso.com, you would type the following command on a single line and press ENTER:C:\Windows\System32>certutil -viewstore "ldap:///CN=NTAuthCertificates,CN=Public Key Services,CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com"
NTAuth update
To update the content of the NTAuth container in AD DS for a domain controller, you would type the following command on a single line and press ENTER:C:\Windows\System32>certutil -dspublish -f "the_certificate" NTAuthCA
View Trusted Root CAs
To view the content of the client computer’s Trusted Root Certification Authorities Enterprise certificate store, type the following command at a command-line prompt.C:\Windows\System32>certutil -enterprise -viewstore Root
Add Trusted Root CAs
To add certificates of the client computer’s Trusted Root Certification Authorities Enterprise certificate store, type the following command at a command-line prompt.C:\Windows\System32>certutil -addstore Root "Certificate name"
View Domain Controller cert status
To view the status of the Domain Controller certificates, type the following command at a command-line prompt.C:\Windows\System32>certutil -dcinfo verify
Check Domain Controller cert revocation status
To check for these conditions:
- Open the certificate, click on the details tab, and select "Copy to
file" to export the certificate (DER format is fine). At the command
prompt, run:
C:\Windows\System32>Certutil -verify -urlfetch SERVER.cer
No comments:
Post a Comment