see sharp
# Monday, 10 December 2012

Much more because I tend to forget these things all the time than anything else:

Certutil -Setreg Policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
NET Stop certsvc
Net Start certsvc

Then you can create an INF file with the following:

[NewRequest]
Subject="CN=<your real hostname here>"

[RequestAttributes]
CertificateTemplate="<your templatename here>"
SAN="DNS=<your real hostname here>&DNS=<hostname1>&DNS=<hostname2>"

Monday, 10 December 2012 14:17:28 (Central European Time, UTC+01:00)
CA | Certificates | Registry
# Thursday, 11 March 2010

To enable foreign key import on a MS CA you need to set the registry accordingly:

certutil -setreg ca\KRAFlags +KRAF_ENABLEFOREIGN

then, after a restart of the CA service, you can start importing:

certutil -f -importKMS /?
Usage:
  CertUtil [Options] -ImportKMS UserKeyAndCertFile [CertId]
  Import user keys and certificates into server database for key archival
    UserKeyAndCertFile -- Data file containing user private keys and certificates to be archived.  This can be any of the following:
            Exchange Key Management Server (KMS) export file
            PFX file
            Outlook key export (EPF) file
    CertId -- KMS export file decryption certificate match token.  See -store.
    Use -f to import certificates not issued by the CA.
Options:
  -f                -- Force overwrite
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -silent           -- Use silent flag to acquire crypt context
  -split            -- Split embedded ASN.1 elements, and save to files
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -config Machine\CAName    -- CA and Machine name string
  -p Password               -- Password
  -symkeyalg SymmetricKeyAlgorithm[,KeyLength] -- Name of Symmetric Key Algorithm with optional key length, example: AES,128 or 3DES
CertUtil -?              -- Display a verb list (command list)
CertUtil -ImportKMS -?   -- Display help text for the "ImportKMS" verb
CertUtil -v -?           -- Display all help text for all verbs

 

Thursday, 11 March 2010 08:51:53 (Central European Time, UTC+01:00)
CA
# Wednesday, 02 September 2009

I often have to diagnose CA 'misbehaviours' and it's even more often that I have to look up where the hell the logfiles are and how to enable the logging. So a bit of googling/binging and I found this: http://blogs.msdn.com/windowsvistanow/archive/2008/04/08/troubleshooting-certificate-enrollment.aspx

Certification Authority Settings

  • Enable Certificate Services Debug Logging by running the following commands on the CA:
    certutil.exe -f -setreg ca\debug 0xffffffff
    Net Stop Certsvc && Net Start Certsvc
  • The following log files will be created:
    %SystemRoot%\certsrv.log (Certsrv.exe) Certificate Services
    %SystemRoot%\certutil.log (Certutil.exe)
    %SystemRoot%\certreq.log (Certreq.exe)
    %SystemRoot%\certmmc.log (Certmmc.dll) Certificate Services MMC snap-in
    %SystemRoot%\certocm.log (Certocm.dll) Certificate Services Setup

Take a look, there is more useful information there...

 

Ah, and if you use CLM/FIM this might be of interest as well:

http://technet.microsoft.com/en-us/library/cc720663(WS.10).aspx#BKMK_TraceModules
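
A read-only check for the three registry settings these posts change (Policy\EditFlags, ca\KRAFlags, ca\debug), useful because EDITF_ATTRIBUTESUBJECTALTNAME2 makes the CA accept SAN values from request attributes CA-wide and full debug logging is easy to leave switched on. This is an added example, not the author's code; the registry paths assume the standard AD CS layout and the helper name Get-RegDword is made up here.

```powershell
# Added example, not from the original posts. Run elevated on the CA host.
# Assumption: standard AD CS registry layout, where certutil's "ca\" prefix maps to
# Configuration\<active CA> and "policy\" maps to that CA's active policy module.
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caKey  = Join-Path $cfg (Get-ItemProperty -Path $cfg -Name Active).Active
$polDir = Join-Path $caKey 'PolicyModules'
$polKey = Join-Path $polDir (Get-ItemProperty -Path $polDir -Name Active).Active

function Get-RegDword([string]$Key, [string]$Name) {
    # Returns the DWORD as a non-negative Int64; a missing value counts as 0.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0L }
    return ([int64]$item.$Name) -band 0xFFFFFFFFL
}

# One row per setting touched on this page, with the bit(s) that matter.
$checks = @(
    @{ Key = $polKey; Name = 'EditFlags'; Flag = 'EDITF_ATTRIBUTESUBJECTALTNAME2'; Mask = 0x00040000L },
    @{ Key = $caKey;  Name = 'KRAFlags';  Flag = 'KRAF_ENABLEFOREIGN';             Mask = 0x00000001L },
    @{ Key = $caKey;  Name = 'Debug';     Flag = 'debug logging (any bit set)';    Mask = 0xFFFFFFFFL }
)

$report = foreach ($c in $checks) {
    $value = Get-RegDword $c.Key $c.Name
    [pscustomobject]@{
        RegistryValue = $c.Name
        Setting       = $c.Flag
        Raw           = '0x{0:x8}' -f $value
        Enabled       = (($value -band $c.Mask) -ne 0)
    }
}
$report | Format-Table -AutoSize

# To clear a flag, rerun the matching certutil -setreg command with "-" in place
# of "+" (for example -EDITF_ATTRIBUTESUBJECTALTNAME2), then restart certsvc.
```
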

Wednesday, 02 September 2009 20:49:27 (Central European Summer Time, UTC+02:00)
CLM | Tracing | CA
About the author/Disclaimer

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.
Any link on this site may lead to an external website that is not under my control and that external website might show an opinion that is not mine.

© Copyright 2017
Hannes Köhler