Managing Certificate Revocation Lists and Certificate Stores

Vadims has published a couple of articles with great examples of how to use PowerShell to manage CRLs (Certificate Revocation List) and local certificate stores.

CRL tasks include:

  • Importing CRL:
$crl = Import-QADCertificateRevocationList -File C:\pica-1.crl
  • Reviewing CRL details:
$crl | format-list *
  • Add CRL to local certificate store:
Add-QADCertificateRevocationList -CRL $crl -Store $store
  • CRL removal:
Get-QADCertificateRevocationList -Store $store |
  where-object {$_.IssuedBy -like "sysadmins*"} |
  Remove-QADCertificateRevocationList -Store $store
  • CRL export:
Export-QADCertificateRevocationList -CRL $crl -File c:\customcrl.crl
  • Publishing CRL:
Publish-QADCertificateRevocationList -CRL $crl -CAName CustomCAName
  • Unpublishing CRL:
Get-QADPKIObject CDP |
  Get-QADCertificateRevocationList |
  where-object {$_.IssuedBy -like "sysadmins*"} |
  Unpublish-QADCertificateRevocationList -CAName "CustomCAName"

For certificate store management, Vadims goes through:

  • Exploring certificate stores:
Get-QADLocalCertificateStore -StoreLocation LocalMachine -StoreName My |
  Get-QADCertificate
  • Adding certificate stores:
New-QADLocalCertificateStore -StoreLocation CurrentUser -StoreName CustomStoreNameToAdd
  • Removing certificate stores:
Remove-QADLocalCertificateStore -StoreLocation LocalMachine -StoreName CustomStoreToDelete

For all these, Vadims is providing tons of details so I highly recommend checking those out:

Managing Certificate Revocation Lists (CRL) with PowerShell

Managing Certificate Stores with PowerShell

0 Responses to “Managing Certificate Revocation Lists and Certificate Stores”



  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




My Recent Tweets

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

September 2010
M T W T F S S
« Aug   Oct »
 12345
6789101112
13141516171819
20212223242526
27282930  

%d bloggers like this: