New enterprise PKI management console

Certificate management used to be tough. There have not been a single tool to manage all the aspects of it and administrators had to launch all these certsrv.msc, certtmpl.msc, certutil.exe, ocsp.msc, pkiview.msc, and so on. We had no bulk operations, had to manage each certificate authority (CA) in a separate MMC snapin, and so on.

That is now all a thing in the past with the new PowerGUI/PowerShell-based certificate management admin console created by PowerShell MVP Vadims Podāns (here’s English translation of his blog) and shared for free here.

Here’s a very quick summary of some of the features his tool has:

  • Certificate Authorities management:
    • CRL Distribution Points (CDP)
    • Authority Information Access (AIA) settings
    • Review CRLs
    • Publish new CRLs
    • Change CRL publishing periods including overlap settings
    • Revoked Certificates
    • Issued Certificates
    • Pending requests
    • Failed requests
    • Issued certificate templates
    • Revoke/unrevoke certificates
    • Issue or deny pending requests for certificates
    • Add/remove certificate templates to issue
    • Change CRL/CRT/OCSP URL priorities
  • Local certificate store management:
    • Import/Export certificates using various certificate types (such CER/pkcs12/pkcs7/SST)
    • Copy/move certificates between stores
    • Delete certificate from store
    • Validate certificates passing them through certificate chaining engine
    • Sign files
  • Online Certificate Status Protocol (OCSP) Responders management
    • Review and change OCSP Responder settings
    • Change OCSP URL priorities

All of these support bulk operations, filtering, and reporting. All are available with their source PowerShell code for your reference and scripting.

Could you ask for more? Please submit your feedback to Vadims – this will help him improve the pack.

Read more about the pack, see the screenshots, and download the tool here.

Are you also into PowerShell and have a great idea of a tool to make someone’s life easier – go for it – create your PowerPack and submit it to the contest!

Tags: , , , , , ,

3 Responses to “New enterprise PKI management console”

  1. 1 Eric Long July 29, 2011 at 9:41 pm

    I have downloaded it, as well as the Quest components, but HOW do you actually use it?

    • 2 Dmitry Sotnikov July 30, 2011 at 4:23 am

      The UI or the command line/scripting?

      For UI, within PowerGUI Administrative Console:
      1. Click Tools / Find PowerPack Online,
      2. Search for ‘PKI’,
      3. Select the pack it finds and click Install.

      The pack will be downloaded and added – the UI is then pretty intuitive.

      For more info on the command-line/scripting, see this document:

  1. 1 Dew Drop – November 6, 2009 | Alvin Ashcraft's Morning Dew Trackback on November 6, 2009 at 1:32 pm

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

My Recent Tweets


The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

November 2009

%d bloggers like this: