16.3 Administration and troubleshooting tools


The primary administration and troubleshooting interfaces in a Windows Server 2003 PKI are the Certification Authority and Certificate Templates MMC snap-ins. Windows Server 2003 PKI also comes with a set of interesting command-line utilities: certutil (switches are listed in Table16.13) and certreq (switches are listed in Table 16.14). The functionality of the dsstore utility that was coming with Windows 2000 PKI has now been merged into the certutil utility. The Windows Server 2003 Resource Kit includes the PKI Health (based on the pkiview.dll) and the Key Recovery (krt.exe) utilities.

Table 16.13: Important Certutil Switches

Goal

Certutil Switch

Display CA configuration information

-dump

Retrieve CA certificate

-ca.cert

Retrieve CA certificate chain

-ca.chain

Revoke certificates

-revoke

Publish certificates or CRLs to AD

-dspublish

Publish the CRL or delta CRL

-CRL

Check certificate, CRL, or certificate chain validity

-verify

Deny pending certificate request

-deny

Set attributes on pending certificate requests

-setattributes

Verify a key set

-verifykeys

Decode or encode base 64

-decode

-encode

Shut down the CA server

-shutdown

Display the CA database schema

-schema

Verify CRL or certificate URLs (CDP, AIA)

-url

Merge *.pfx files

-mergepfx

Backup and restore CA keys and database

-backup
-restore
-backupDB
-restoreDB
-backupKey
-restoreKey

Display CA database locations

-databaselocations

Display certificates in the machine certificate store

-store

Display certificates in the machine certificate store and verifies certificates and private keys

-verifystore

Display certificates in the user certificate store

-user -store

Display error code message text

-error

Import certificates into the database

-importcert

Set, display, delete CA registry settings

-setreg
-getreg
-delreg

Create or remove CA Web virtual roots and file shares

-vroot

Retrieve archived private key recovery blob

-getkey

Recover archived private key

-recoverkey

Table 16.14: Important Certreq Switches

Goal

Certreq Switch

Submit a certificate request to a CA

-submit

Retrieve certificates, that were set to pending, from the CA

-retrieve

Create a cross-certification or qualified subordination certificate request

-policy




Windows Server 2003 Security Infrastructures. Core Security Features of Windows. NET
Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
ISBN: 1555582834
EAN: 2147483647
Year: 2003
Pages: 137
Authors: Jan De Clercq

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net