A simple way to set the certutil -config option
Published Jan 24 2020 01:41 PM 2,071 Views
Microsoft

First published on TECHNET on May 12, 2007

When you are performing an operation on a remote CA, certutil requires the config string as input parameter. The common way to find out the config string is to run a certutil -dump command, list all available CAs in the Active Directory forest and copy/past the config parameter from the dump into the new command-line.

 

 

 

There is a much simpler way to set the config string in certutil. Just use a dash as config string and certutil will show a selection dialog with all CAs that are registered in your Active Directory forest.

 

 

 

For example to verify the responsiveness of a remote CA, run the following command and select the target CA from the list of available CAs.

 

certutil –config - -ping

 

 

Version history
Last update:
‎Feb 20 2020 02:41 PM
Updated by: