ADCS: certutil syntax


Certutil tasks for managing a Certification Authority (CA).

Syntax

Parameters

      • attribute_string (NT2003)
        • Specifies the request attribute string to be set on the request identified by request_id.
        • Use \n to separate multiple values in a string.
        • Attributes are given as name and value pairs, with a colon separating the name from the value. Multiple name and value pairs are separated by placing each pair on a new line.
      • backup_directory (NT2003)
        • Specifies the backup directory.
        • You can use -f to overwrite existing files in backup_directory.
      • certificate_file (NT2003)
        • Specifies the certificate.
        • Specifies the CA signature certificate that contains the public key used to verify digital signatures.
      • certificate_store (NT2003)
        • Specifies the certificate store that the certificate will be published to:
          • crossca cross-certified CA store
          • kra key recovery agent store
          • machine computer store
          • ntauthca NTAuth store
          • rootca root CA store
          • subca subordinate CA store
          • user user store
      • configuration_file (NT2003)
        • Specifies the file name of the configuration file that you want to display.
      • crl_file (NT2003)
        • Specifies the certificate revocation list.
      • date (NT2003)
        • Specifies a date restriction on which to query.
        • You can use the mm/dd/yyyy 00:00 date format, where 00:00 is standard time that must be designated as either AM or PM.
        • If you specify date without a time of day, certutil deletes all of the requests issued before the specified date, but it does not delete the requests issued on the specified date.
        • Deleting rows by date does not delete the CA certificate or the CA certificate chain rows. To delete the CA certificate and the CA certificate chain rows, you must delete rows by row_id.
        • If date lies in the future, certutil fails and displays an invalid parameter error. Use -f to override the invalid parameter error.
      • DSCDP_container (NT2003)
        • Specifies the Active Directory Certificate revocation list Distribution Point (CDP) container Common Name (CN), usually the CA computer name.
      • DSCDP_object (NT2003)
        • Specifies the Active Directory Certificate revocation list Distribution Point (CDP) object Common Name (CN), usually based on the sanitized CA short name and key index.
      • extension_name (NT2003)
        • Specifies the ObjectID string of the extension.
      • flags (NT2003)
        • Sets the extension:
          • 0 noncritical
          • 1 critical
      • @in_file (NT2003)
        • Specifies a string in one of the accepted formats. If the value starts with the @ symbol, the rest of the token is the name of a file containing binary data or an ASCII-text hexadecimal dump.
      • key_container_name (NT2003)
        • Specifies the key container name of the key to verify.
      • language_id (NT2003)
        • Sets the locale identifier for the specified object; local_friendly_name appears in the specified language.
        • Given as the decimal representation of a hexadecimal locale identifier (LCID) value.
        • If not specified, the current system default (1033) is used.
      • local_friendly_name (NT2003)
        • Specifies the display name that you want to add to the certificate template.
      • reason (NT2003)
        • Specifies one of:
          • 0 Unspecified (does not provide information about revocation reasons)
          • 1 Key compromise
          • 2 CA compromise
          • 3 Affiliation change
          • 4 Superseded
          • 5 Cessation of operation
          • 6 Hold revocation (CANNOT be revoked)
          • 8 Remove from CRL
          • -1 Unrevoke
      • PFX_file (NT2003)
        • Specifies the PKCS #12 PFX file.
      • request_id (NT2003)
        • Specifies the request identifier number.
        • Must be in decimal format (or hexadecimal format with a leading 0x).
      • row_id (NT2003)
        • Specifies the request identifier of the row that you want to delete.
      • serial_number (NT2003)
        • Specifies the serial number of the certificate that you want to revoke.
        • Must be in hexadecimal format with an even number of digits. A single zero (0) can be prefaced to a value with an odd number of digits. No leading 0x is allowed.
      • table (NT2003)
        • One of:
          • request request table
          • cert certificate table
          • ext certificate extensions table
          • attrib attribute table
          • crl certificate revocation list (CRL) table
      • template (NT2003)
        • Specifies the template.
      • template_oid (NT2003)
        • Specifies the object identifier of the certificate template.

Switches

      • -backupkey (NT2003)
        • Backs up the Certificate Services certificate and private key.
      • -catemplates (NT2003)
        • Displays CA templates.
      • -config machine\user (NT2003)
        • Processes the operation by using the CA specified in the machine/user configuration string.
        • You must specify the machine or user in -config. Otherwise, the Select Certificate Authority dialog box appears and displays a list of all CAs that are available.
        • If you use -config -, the operation is processed using the default CA.
      • -databaselocations (NT2003)
        • Displays database locations.
        • The hexadecimal buffer offset and hexadecimal type tag are displayed on each line.
      • -dc dc_name (NT2003)
        • Targets a specific domain controller.
      • -deleterow (NT2003)
        • Deletes a row in the CA database.
        • You can use this to delete "denial of service" errors.
        • When deleting more than one row with this command, you must be both a CA Administrator and a Certificate Manager to complete the task. The CA must not be configured to enforce role separation in this case.
      • -deny (NT2003)
        • Denies the pending certificate request.
      • -dsPublish (NT2003)
        • Publishes a new certificate or CRL to the CA object in Active Directory.
        • You must be logged on as a computer administrator to complete this procedure.
      • -dump (NT2003)
        • Dumps configuration information or files.
      • -dynamicfilelist (NT2003)
        • Displays dynamic file list.
        • Includes the local copy of the certificate revocation list (CRL) on the server.
        • The hexadecimal buffer offset is displayed on each line.
      • -f (NT2003)
        • Overwrites existing files or keys.
      • -gmt (NT2003)
        • Displays time as Greenwich mean time.
      • -mt (NT2003)
        • Displays the computer templates.
      • -oid (NT2003)
        • Defines a display name in a certificate template.
      • -out column_list (NT2003)
        • Specifies a comma-separated column list.
      • -p password (NT2003)
        • Specifies a password.
        • The maximum length allowed for a PFX file password is 32 characters.
      • -restrict restriction_list (NT2003)
        • Restricts which rows from the schema are displayed. Specifies a comma-separated restriction list.
      • -restorekey (NT2003)
        • Restores the Certificate Services certificate and private key from the specified backup_directory or PKCS #12 PFX_file.
      • -resubmit (NT2003)
        • Resubmits the pending request.
      • -revoke (NT2003)
        • Revokes the certificate.
      • -seconds (NT2003)
        • Displays time with seconds and milliseconds.
      • -setattributes (NT2003)
        • Sets the attributes for the pending request.
      • -setextension (NT2003)
        • Sets the extension for the pending request.
      • -shutdown (NT2003)
        • Shuts down the CA server.
      • -silent (NT2003)
        • Uses a silent flag to acquire CryptContext.
      • -split (NT2003)
        • Splits the embedded Abstract Syntax Notation One (ASN.1) elements, and saves them to files.
      • -user (NT2003)
        • Uses the HKEY_CURRENT_USER keys or certificate store.
      • -ut (NT2003)
        • Displays the user templates.
      • -v (NT2003)
        • Specifies verbose output.
      • -verifykeys (NT2003)
        • Verifies the public and private keys for the specified CA.
      • -view (NT2003)
        • Dumps the certification authority database view.
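As an added example that is not part of the original reference: a PowerShell wrapper that applies the serial_number and reason rules listed under Parameters before calling certutil -revoke, then uses -view with -restrict and -out to confirm the row's state in the CA database. The CA config string, the sample serial, the Disposition=21 (revoked) column value and the column names passed to -out are assumptions, not values taken from this page.

```powershell
# Added example, not from the original reference page. Assumes certutil.exe is on
# PATH and a CA config string of the form "machine\CA name" (placeholder below).

# Reason codes exactly as listed under the 'reason' parameter above.
$RevocationReason = @{
    Unspecified          = 0
    KeyCompromise        = 1
    CACompromise         = 2
    AffiliationChange    = 3
    Superseded           = 4
    CessationOfOperation = 5
    CertificateHold      = 6
    RemoveFromCRL        = 8
    Unrevoke             = -1
}

function ConvertTo-CertutilSerial {
    # Enforces the serial_number rules: hexadecimal, even number of digits,
    # no leading 0x; an odd-length value gets a single leading zero.
    param([Parameter(Mandatory)][string]$Serial)
    $s = ($Serial.Trim() -replace '^0[xX]', '') -replace '[\s:]', ''
    if ($s -notmatch '^[0-9A-Fa-f]+$') { throw "Serial '$Serial' is not hexadecimal" }
    if ($s.Length % 2 -ne 0) { $s = '0' + $s }
    return $s.ToLower()
}

function Revoke-CACertificate {
    param(
        [Parameter(Mandatory)][string]$Config,   # "machine\CA name"
        [Parameter(Mandatory)][string]$Serial,
        [Parameter(Mandatory)]
        [ValidateSet('Unspecified','KeyCompromise','CACompromise','AffiliationChange',
                     'Superseded','CessationOfOperation','CertificateHold',
                     'RemoveFromCRL','Unrevoke')]
        [string]$Reason
    )
    $serial = ConvertTo-CertutilSerial $Serial
    $code   = $RevocationReason[$Reason]
    & certutil.exe -config $Config -revoke $serial $code
    if ($LASTEXITCODE -ne 0) { throw "certutil -revoke failed (exit code $LASTEXITCODE)" }
    # Confirm in the CA database. Disposition 21 (revoked) and the column names
    # below are assumptions about the database schema, not stated on this page.
    & certutil.exe -config $Config -view -restrict "SerialNumber=$serial,Disposition=21" `
        -out "RequestID,SerialNumber,NotAfter"
}

# Placeholder CA and serial; the odd-length serial is padded to "01a2b3" first.
# Revoke-CACertificate -Config 'CAHOST\Contoso Issuing CA' -Serial '0x1A2B3' -Reason KeyCompromise
```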
Related


Pasted from <http://www.tekweb.dk/manuals/command/commands/c/CERTUTIM.HTM>
