Certutil
The case of accidentally deleted user certificates
As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Sometimes users accidentally delete their certificates from personal store. After that users are not able to perform certificate-based tasks, i.e. decrypt files or mail, sign data and authenticate. Some organizations implement Key Archival for certificate and private…
Read MoreUnderstanding Active Directory Certificate Services containers in Active Directory
As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Hello folks! Today I want to explain in details about Active Directory containers related to ADCS (Active Directory Certificate Services), their purposes and how they work. Intro All ADCS related containers are stored in configuration…
Read More‘The handle is invalid. 0x80070006 (WIN32: 6)’ when dumping CA database
As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Issue Consider the following scenario: you are dumping CA database by using certutil, PowerShell or any other tool that utilizes ICertView2 interface and at some point you receive the following error Certutil: CertUtil: -view command FAILED: 0x80070006 (WIN32: 6) CertUtil:…
Read MoreIgnore Revocation Checking – The bane of my existence!
As students in my PKI training classes know, one of the areas I am a vocal about is the blind use of the CRLF_REVCHECK_IGNORE_OFFLINE setting in a PKI environment. I am so adamantly against the use of this setting, I personally refuse to ever explicitly share or type the syntax to enable this nasty beast.…
Read MoreNew Certutil Argument – DownloadOCSP and Details of Caching issue with -Verify
During the development of my new ADCS Advanced PKI Training Class, I was working on creating a process to demonstrate how to manipulate the OCSP caching behavior in Windows. If you aren’t already aware, Microsoft OCSP responders use the expiration date of the authoritative CRL used for their answers as the expiration date (Next Update…
Read More