How to check Remotely if PKI Certificates installed successfully?

Guest

I have recently sent all PKI users their email certificate .pfx
files and asked the 200 users to confirm whether the installation was
successful.
The emails were encrypted using their old certificates.

My question is: is there a script, DOS command or tool I can use to track
automatically from my PC whether the new certificates have been installed
successfully in the user profile? In addition, I want to check whether the
parent root and sub CA certificates are updated as well.

For the root and sub CA certificates I'm thinking of using Group Policy to
distribute them into the Trusted Root Certificates Store.

FYI: we have an Offline Root CA and a Standalone Subordinate CA, which means both
of them are not on the LAN and not joined to the domain.

We use PKI only for email encryption.
 
Steven L Umbach

Offhand I don't know of a way, though the user can check their certificate
store using the MMC snap-in for certificates. You really should have
considered an Enterprise CA in an Active Directory domain environment, which
has many benefits over a stand-alone CA, including autoenrollment if installed
on Windows 2003 Enterprise Server. You can use Group Policy to add a CA
certificate to the Trusted CA list. An Enterprise CA would automatically be
added to the trusted root CA store on domain computers. I suggest you also
post in the Microsoft.public.security.crypto newsgroup to ask about your
primary question. --- Steve
 
Guest

What about registry entries? Is there a place that reports the personal store
certificates' serial number and expiry date?

Are there tools like certutil? What about the CAPICOM tools?
Did you try any of these before on Windows XP?

I'll test it from my side, but it would be great if anybody with more
knowledge of these tools could confirm, to avoid any problems.

--
best regards,
Samo


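
An added example, not part of the original thread or any participant's post: because the Personal store lives in each user's profile, one way to collect the serial number, expiry date and CA status asked about above is a script that runs in the user's own logon session and writes its findings to a share. It assumes PowerShell 3.0 or later (not a stock Windows XP install); the issuer name, thumbprints, share path and function names are placeholders.

```powershell
# Added example. All values below are placeholders, not taken from the thread.
$IssuerCN        = 'Example Sub CA'            # assumed CN of the issuing sub CA
$RootThumbprint  = 'ROOT-CA-THUMBPRINT'        # placeholder
$SubCaThumbprint = 'SUB-CA-THUMBPRINT'         # placeholder
$ReportShare     = '\\fileserver\certreport'   # hypothetical share users can write to

function Test-CaPresent {
    # True if a certificate with this thumbprint exists in any of the given stores.
    param([string]$Thumbprint, [string[]]$Stores)
    $hit = Get-ChildItem -Path $Stores -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    return [bool]$hit
}

function Get-MailCertStatus {
    $now = Get-Date
    # Candidates: certificates in the user's Personal store issued by the sub CA.
    $issued = @(Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Issuer -like "*CN=$IssuerCN*" })
    # Usable: imported together with its private key and inside its validity period.
    $best = $issued |
        Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
        Sort-Object NotAfter -Descending | Select-Object -First 1

    [pscustomobject]@{
        User          = "${env:USERDOMAIN}\${env:USERNAME}"
        Computer      = $env:COMPUTERNAME
        CertUsable    = [bool]$best
        IssuedByCA    = $issued.Count   # > 0 with CertUsable false: expired or no private key
        SerialNumber  = if ($best) { $best.SerialNumber } else { '' }
        NotAfter      = if ($best) { $best.NotAfter.ToString('yyyy-MM-dd') } else { '' }
        # Per-user stores and machine stores are both checked, since Group Policy
        # normally delivers CA certificates to the machine.
        RootTrusted   = (Test-CaPresent -Thumbprint $RootThumbprint `
                            -Stores 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root')
        SubCaPresent  = (Test-CaPresent -Thumbprint $SubCaThumbprint `
                            -Stores 'Cert:\CurrentUser\CA', 'Cert:\LocalMachine\CA',
                                    'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root')
        CheckedAt     = $now.ToString('s')
    }
}

# One small CSV per user; merge them on the admin PC to see who is still missing.
$status = Get-MailCertStatus
$status | Export-Csv -Path (Join-Path $ReportShare "${env:USERNAME}.csv") -NoTypeInformation
$status
```

Only certificate metadata is written to the share; the private key never leaves the user's profile.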