Helpful Toolbox
Below is a list of helpful Windows tools:
- certlm.msc
- certmgr.msc
- certreq.exe
- certsrv.msc
- Certutil.exe
- gpmp.msc
- gpupdate.exe
- hsmcons.exe
- pkiview.msc
- rsop.msc
- sc query <svcname>
Certificate manager (local computer/machine)
Certificate manager (current user)
Certreq can be used to request certificates from a certification authority (CA), to retrieve a response to a previous request from a CA, to create a new request from an .inf file, to accept and install a response to a request, to construct a cross-certification or qualified subordination request from an existing CA certificate or request, and to sign a cross-certification or qualified subordination request.
Microsoft AD CS (Certification Authority)
Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains. E.g. to verify CRL, certificates:
certutil -URL “http://crl1.hsmdemo.test/certenroll/DEMO-CAR-CA.crl”
certutil -URL C:\issdemokey.cer To dump requests and certificates:
certutil -dump <certificate.req/cer>
certutil -repairstore my *
Change group policy management (e.g. password policy, …)
Refreshes the local computers policy and any Active Directory based Group policies (e.g. gpupdate /force)
KSP/CNG test tool for the Primus HSM (within the Debug Build Folder … \SecurosysPrimusKsp_v1.xx.y\bin\Debug\x86)
Enterprise PKI MMC snap-in allows to assess and manage the health of a Windows Enterprise CA hierarchy
Resultant Set of Policy utility, to check group policy
Service Control query