I’ve found that there are plenty of times when I needed to determine the CA name and the server name of a Microsoft Enterprise Certificate Authority whether it’s because I’m using a tool that does not or cannot auto discover Enterprise CA information to request a certificate or because I wanted to browse the /certsrv website of the CA. As some administrators may know, one way of determining this information is to use adsiedit.msc to browse the configuration container then navigate to Services –> Public Key Services then to the AIA or CDP nodes but what I find most people don’t know is that you can actually open the command prompt and execute the following command:
certutil -config - -ping
… executing the command above will bring up the following window:
Click on the OK button will output the following in the command prompt:
C:\Users\tluk>certutil -config - -ping
svrcert02.someDomain.internal\SomeName Re
Connecting to svrcert02.someDomain.internal\SomeName Re ...
Server "SomeName Re" ICertRequest2 interface is alive (15ms)
CertUtil: -ping command completed successfully.
With this information, you can either take the FQDN of the server name and append it with /certsrv to get to the web page for enrolling or downloading certificates and/or fill in a CA path to request a certificate with serverFQDN\CA Name.
No comments:
Post a Comment