Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
A simple way to set the certutil -config option
Published Jan 24 2020 01:41 PM 4,742 Views

First published on TECHNET on May 12, 2007

When you are performing an operation on a remote CA, certutil requires the config string as input parameter. The common way to find out the config string is to run a certutil -dump command, list all available CAs in the Active Directory forest and copy/past the config parameter from the dump into the new command-line.




There is a much simpler way to set the config string in certutil. Just use a dash as config string and certutil will show a selection dialog with all CAs that are registered in your Active Directory forest.




For example to verify the responsiveness of a remote CA, run the following command and select the target CA from the list of available CAs.


certutil –config - -ping



Version history
Last update:
‎Feb 20 2020 02:41 PM
Updated by: