Summary
How to use Windows CertUtil for managing certificates.
Requirements
- Command Prompt (CMD or Windows Terminal)
Instructions
Working with Certificate Templates
List templates
1
certutil -CATemplates -Config
Request cert against template
1
certreq -attrib "CertificateTemplate:WebServer"
Certificate Authority Database Cleanup
Type of records:
| Name | Description | Type of date |
|---|---|---|
| Request | Failed and pending certificates | Submission date |
| Cert | Expired and revoked certificates | Expiration date |
| CRL | CRL table | Expiration date |
Request - Delete all failed and pending requests submitted by December 30th 2018
1
Certutil -deleterow 30/12/2019 Request
Cert - Delete all expired and revoked certificates expired by December 30th, 2018
1
Certutil -deleterow 30/12/2018 Cert
CRL - Delete all CRLs that expired by January 1st, 2017
1
Certutil -deleterow 01/01/2017 CRL