Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [certutil]

19 questions
13
votes
1 answer

How to find out where a Certificate Request came from

I have a CA setup on Server 2012 R2, the person who ran the server left the company and I have setup a new CA server. I am trying to figure out what systems / URL's the certs are for. In the List of Issued Certificated is the following: Request ID:…
Anthony Fornito
  • 9,526
  • 1
  • 33
  • 122
5
votes
1 answer

How do I sign a new FreeIPA Server's internal CA with my organizational internal CA?

My organization has an internal Certificate Authority (CA) which we have already generated many internal certificates and have installed on machines. I am setting up a FreeIPA LDAP/Kerberos server and after the initial install, it has generated an…
Josh
  • 9,001
  • 27
  • 78
  • 124
3
votes
1 answer

How to import SSL certificates in a 389 Directory Server using the command line?

I am trying to setup a new 389 Directory Server in a RHEL machine and I am trying to configure SSL for LDAPS using the command line. I have just spent several hours digging through every piece of information on how to do this but every page keeps…
ByteFlinger
  • 193
  • 1
  • 7
2
votes
1 answer

Can't import PFX with CERTUTIL -- "Keyset does not exist"

We have a PFX file that when used on any other Windows system (Server 2008 R2, 7, 8) installs fine. On 2 of my servers, the import fails like so: CertUtil: -importPFX command FAILED: 0x80090016 (-2146893802) CertUtil: Keyset does not exist We…
neildeadman
  • 664
  • 2
  • 20
  • 33
1
vote
0 answers

How does certutil determine that a cert is revoked

I'm testing that an x509 certificate can be correctly determined to be revoked. I'm taking the cert from https://revoked.badssl.com and verifying it via certutil. When my system is online, it seems to pull the CRL and determine that it is revoked. I…
Stealth Rabbi
  • 111
  • 4
1
vote
1 answer

CRL revocation check failed

Issue with crl revocation check. I can telnet target server on port 80. I can download crl with internet explorer. But when i launch certutil : C:\Users\Administrateur\Desktop>certutil -urlfetch -verify alex.cer Émetteur: CN=get-SRV-DC-CA …
Alex Lum
  • 125
  • 1
  • 4
  • 13
1
vote
0 answers

Using Certutil to manage CA, show certificates for requester name/id and revoke

I am searching for another way to manage my CA. I wrote a powershell script, which allows me to show all my certificates for a specified requester name or request id and to revoke those certificates. Is it possible to do this in certutil? I can't…
Envy
  • 23
  • 4
1
vote
1 answer

Certutil in CentOS complaining of an incorrect password

I just setup a minimum Centos 7 and ran pwgen and tried to create a new database. It complains that it is the incorrect password. These are my commands: # pwgen -sy 32 1 > /etc/openldap/certs/password # certutil -d /etc/openldap/certs -N -f…
kevbuntu
  • 159
  • 1
  • 7
1
vote
0 answers

network device enrollment service greyed out

I've recently installed AD Certification Authority on one of our DCs. It acts as a subordinate enterprise CA, the Root CA is a standalone offline root CA and there is no connection between those two CAs. I've requested a Certificate for the…
ITguy
  • 11
  • 2
1
vote
1 answer

Certificate status still pending even after completion

I have exchange 2013 on Azure VM which is also a DC. for using services like autodiscover etc I need to get a valid 3rd Party certificate which I got from STARTSSL, I generated the request and got the certificate downloaded along with private key…
Mashal Khan
  • 15
  • 3
1
vote
1 answer

Easiest way to generate PFX certificate (Windows)

At the moment to generate PFX Certificate, I use openssl and: Generate a CSR with its private key Connect to my CA website (Microsoft CA), and submit CSR along with (san:dns=) additional attribute. From certificate authority I issue the pending…
Florian Bidabé
  • 334
  • 2
  • 10
1
vote
1 answer

How to Delete CRL Files in Local Cert Store

I need to import CRL files to a Bastion server that is not part of my environments domain. The CRL files are updated every few days so a new copy needs to be imported to the local cert store on the Bastion frequently. I noticed when I do a fresh…
jrd1989
  • 628
  • 10
  • 35
1
vote
1 answer

Add self-made certificate as trusted

I have a locally generated root certificate (Company_CA.pem) used to sign PDF files. The signing process works fine and, after installing the public key on Adobe, I'm able to verify signatures and certificate. Now, I need to do that in the terminal,…
Sig
  • 131
  • 4
1
vote
0 answers

Windows: CertUtil "Error => Pending OCSP response download"

I am trying to debug why Windows does not accept the responses from my OCSP responder as valid. I am using the command CertUtil -downloadOcsp .\certs .\ocsp_responses downloadonce A single p7b certificate is in the certs directory. I read the log of…
Charlweed
  • 209
  • 2
  • 12
0
votes
2 answers

How Do I Migrate SSL Certificates from an NGINX web server to IIS?

I used to host a website in my Linux Server. I bought a SSL certificate from GoDaddy, and https://www.example.com worked well for the site. Today, I wanted to move the site from the Linux Server to Windows Server 2012 R2. I have done the…
Tie
  • 223
  • 1
  • 2
  • 11
1
2