Questions tagged [certutil]
The certutil tag has no usage guidance.
22
questions
13
votes
1
answer
2k
views
How to find out where a Certificate Request came from
I have a CA setup on Server 2012 R2, the person who ran the server left the company and I have setup a new CA server.
I am trying to figure out what systems / URL's the certs are for.
In the List of ...
- 9,566
5
votes
1
answer
1k
views
How do I sign a new FreeIPA Server's internal CA with my organizational internal CA?
My organization has an internal Certificate Authority (CA) which we have already generated many internal certificates and have installed on machines.
I am setting up a FreeIPA LDAP/Kerberos server ...
- 9,198
3
votes
1
answer
1k
views
How to import SSL certificates in a 389 Directory Server using the command line?
I am trying to setup a new 389 Directory Server in a RHEL machine and I am trying to configure SSL for LDAPS using the command line.
I have just spent several hours digging through every piece of ...
- 193
2
votes
1
answer
3k
views
Can't import PFX with CERTUTIL -- "Keyset does not exist"
We have a PFX file that when used on any other Windows system (Server 2008 R2, 7, 8) installs fine. On 2 of my servers, the import fails like so:
CertUtil: -importPFX command FAILED: 0x80090016 (-...
- 684
1
vote
1
answer
5k
views
CRL revocation check failed
Issue with crl revocation check.
I can telnet target server on port 80.
I can download crl with internet explorer.
But when i launch certutil :
C:\Users\Administrateur\Desktop>certutil -urlfetch -...
- 155
1
vote
1
answer
10k
views
Easiest way to generate PFX certificate (Windows)
At the moment to generate PFX Certificate, I use openssl and:
Generate a CSR with its private key
Connect to my CA website (Microsoft CA), and submit CSR along with (san:dns=) additional attribute.
...
- 334
1
vote
2
answers
907
views
How to Delete CRL Files in Local Cert Store
I need to import CRL files to a Bastion server that is not part of my environments domain. The CRL files are updated every few days so a new copy needs to be imported to the local cert store on the ...
- 688
1
vote
1
answer
713
views
Add self-made certificate as trusted
I have a locally generated root certificate (Company_CA.pem) used to sign PDF files.
The signing process works fine and, after installing the public key on Adobe, I'm able to verify signatures and ...
- 151
1
vote
0
answers
226
views
Windows: CertUtil "Error => Pending OCSP response download"
I am trying to debug why Windows does not accept the responses from my OCSP responder as valid. I am using the command
CertUtil -downloadOcsp .\certs .\ocsp_responses downloadonce
A single p7b ...
- 249
1
vote
0
answers
2k
views
How does certutil determine that a cert is revoked
I'm testing that an x509 certificate can be correctly determined to be revoked. I'm taking the cert from https://revoked.badssl.com and verifying it via certutil. When my system is online, it seems to ...
- 111
1
vote
0
answers
1k
views
Using Certutil to manage CA, show certificates for requester name/id and revoke
I am searching for another way to manage my CA.
I wrote a powershell script, which allows me to show all my certificates for a specified requester name or request id and to revoke those certificates.
...
- 23
1
vote
1
answer
537
views
Certutil in CentOS complaining of an incorrect password
I just setup a minimum Centos 7 and ran pwgen and tried to create a new database. It complains that it is the incorrect password.
These are my commands:
# pwgen -sy 32 1 > /etc/openldap/certs/...
- 169
1
vote
0
answers
1k
views
network device enrollment service greyed out
I've recently installed AD Certification Authority on one of our DCs. It acts as a subordinate enterprise CA, the Root CA is a standalone offline root CA and there is no connection between those two ...
- 11
1
vote
1
answer
2k
views
Certificate status still pending even after completion
I have exchange 2013 on Azure VM which is also a DC. for using services like autodiscover etc I need to get a valid 3rd Party certificate which I got from STARTSSL, I generated the request and got the ...
- 15
0
votes
2
answers
3k
views
How Do I Migrate SSL Certificates from an NGINX web server to IIS?
I used to host a website in my Linux Server. I bought a SSL certificate from GoDaddy, and https://www.example.com worked well for the site.
Today, I wanted to move the site from the Linux Server to ...
- 223
0
votes
2
answers
3k
views
FreeIPA Intermediate CA Certificate Expired
We have 2 FreeIPA servers running in our network, today we found this: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
One of the intermediate ...
- 171
0
votes
1
answer
629
views
How to convert a CER file to PFX using certutil
I have an SSL certificate from GoDaddy in the following formats
CRT
PEM
P7B
I also downloaded the CSR and private key as text files.
However I need to convert these to PFX format in order to install ...
- 101
0
votes
1
answer
112
views
certutil over ssh (RPC server is unavailable)
When executing a certutil request from a local powershell everything is ok.
PS C:\Users\admuser> certutil -ping -config 'caserver\ca'
Connecting to caserver\ca ...
Server "ca" ...
- 111
0
votes
1
answer
1k
views
check MD5 checksums from md5 file in Windows
Hopefully a simple question, does a simple Windows command line equivalent to md5sum --check [files.md5] exist? Alternatively, something I can script as a batch file.
I can generate the hashes file ...
- 1
0
votes
2
answers
1k
views
Decrypt a pcks8 private key file on windows?
Is there any way on standard Windows Server (such as with certutil?) to decrypted a pkcs8 pem encrypted private key?
i.e. What is the equivalent on windows of:
openssl pkcs8 -in key.enc -out key.pem
...
- 101
0
votes
1
answer
575
views
Where is the data about certificate is stored when i run dspublish in a domain joined computer?
When is run the command certutil -f -dspublish "CA01_Fabrikam Root CA.crt" RootCA
Output is
ldap:///CN=Fabrikam Root CA,CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=...
- 13
0
votes
1
answer
2k
views
certutil -TCAInfo error message RegConnectRegistry/RegOpenKeyEx: The network path was not found. 0x80070035 (WIN32: 53 ERROR_BAD_NETPATH)
Recently we noticed the following errors were occurring daily in our Event Logs for servers in our DMZ:
CertificateServicesClient-CertEnroll EventID 82
Certificate enrollment for Local system failed ...
- 5,640