Monday, April 1, 2013

Determining the Microsoft Enterprise CA (Certificate Authority) name and server name

I’ve found that there are plenty of times when I needed to determine the CA name and the server name of a Microsoft Enterprise Certificate Authority whether it’s because I’m using a tool that does not or cannot auto discover Enterprise CA information to request a certificate or because I wanted to browse the /certsrv website of the CA.  As some administrators may know, one way of determining this information is to use adsiedit.msc to browse the configuration container then navigate to Services –> Public Key Services then to the AIA or CDP nodes but what I find most people don’t know is that you can actually open the command prompt and execute the following command:

certutil -config - -ping

image

… executing the command above will bring up the following window:

image

Click on the OK button will output the following in the command prompt:

C:\Users\tluk>certutil -config - -ping
svrcert02.someDomain.internal\SomeName Re
Connecting to svrcert02.someDomain.internal\SomeName Re ...
Server "SomeName Re" ICertRequest2 interface is alive (15ms)
CertUtil: -ping command completed successfully.

image

With this information, you can either take the FQDN of the server name and append it with /certsrv to get to the web page for enrolling or downloading certificates and/or fill in a CA path to request a certificate with serverFQDN\CA Name.

No comments: