PKI and Certificate Resources


Bookmark this!  https://aka.ms/PkiLinks

Email Great PKI Links Here

Having taken some recent internal PKI training, I decided to take my internal PKI resources, update with some of the newer concepts I have been learning about, and am now sharing with you.  This is a lot!  But if you want to really know PKI and Certificates, particularly around Windows Active Directory Certificate Services (AD CS), then there is plenty for you to read below 🙂 As I find new and update resources, I will refresh this blog.  Enjoy?

PRESENTATIONS AND TRAINING

PKI DESIGN GUIDANCE

ACTIVE DIRECTORY CERTIFICATE SERVICES (AD CS) OVERVIEW

ACTIVE DIRECTORY CERTIFICATE SERVER DEPLOYMENT

TOOLS

   Shortcuts of Tools on the operating system that you can access quickly from the Start menu!

  • Certmgr.msc | opens the local user certificate store - Windows client or server
  • Certlm.msc | opens the local computer certificate store - Windows client or server
  • Certsrv.msc | Windows Server Certificate Authority CA
  • Certtmpl.msc | Windows Server Certificate Templates
  • OCSP.msc | Windows Server AD CS Online Responder Configuration | Feature must be installed
  • PKIView.msc | Windows Server Enterprise Quick Health Monitoring
  • Tpm.msc | Trusted Platform Module Management

See your Policies

  • GPMC.msc | Group Policy Management Console
  • RSOP.msc | Shows the Resultant Set of Policies | Clients or Servers
  • Secpol.msc | Local Security Policies | Has PKI Policies
  • Services.msc| To show the following CA services running state | second part below is service alias
    • Active Directory Certificate Services |  CrtSvc
    • Cryptographic Services | CryptSvc
    • Online Responder Service | OCSPSvc

DOWNLOADS AND GUIDES

SCRIPTING PKI

PKI CONCEPTS AND URLS

Comments (1)

  1. Thomas Schittli says:

    Hello mzbowe

    thank you very much for this great collection of information, tricks and tools.

    There is one open question with Windows 2012 R2 PKI:
    Do we still need CAPolicy.inf or can we do everything with Certutil?
    It’s really hard to descide which settings must be in CAPolicy.inf and which must be defined using Certutil.

    Additionally, it’s unclear when the settings in CAPolicy.inf are applied and when the Certutil / Registry settings are applied.

    And what happens if the one property is assigned to a different value in CAPolicy.inf and using Certutil?

    If you know any reliable / official Microsoft documentation about this topic?

    Thanks a lot in advance,
    kind regards,
    Thomas Schittli

Skip to main content