Vadims has published a couple of articles with great examples of how to use PowerShell to manage CRLs (Certificate Revocation Lists) and local certificate stores.
CRL tasks include:
- Importing CRL:
$crl = Import-QADCertificateRevocationList -File C:\pica-1.crl
- Reviewing CRL details:
$crl | Format-List *
- Adding CRL to local certificate store:
Add-QADCertificateRevocationList -CRL $crl -Store $store
- CRL removal:
Get-QADCertificateRevocationList -Store $store | Where-Object {$_.IssuedBy -like "sysadmins*"} | Remove-QADCertificateRevocationList -Store $store
- CRL export:
Export-QADCertificateRevocationList -CRL $crl -File c:\customcrl.crl
- Publishing CRL:
Publish-QADCertificateRevocationList -CRL $crl -CAName CustomCAName
- Unpublishing CRL:
Get-QADPKIObject CDP | Get-QADCertificateRevocationList | Where-Object {$_.IssuedBy -like "sysadmins*"} | Unpublish-QADCertificateRevocationList -CAName "CustomCAName"
For certificate store management, Vadims goes through:
- Exploring certificate stores:
Get-QADLocalCertificateStore -StoreLocation LocalMachine -StoreName My | Get-QADCertificate
- Adding certificate stores:
New-QADLocalCertificateStore -StoreLocation CurrentUser -StoreName CustomStoreNameToAdd
- Removing certificate stores:
Remove-QADLocalCertificateStore -StoreLocation LocalMachine -StoreName CustomStoreToDelete
For all these, Vadims provides tons of details, so I highly recommend checking those out: