April 22 2015

How to find an internal/local Certificate Authority

Many times when I’m new to an organisation I’ll need to do a discovery within the environment to see what technology exists – including local Microsoft Windows Certificate Authorities. A very quick and easy way to do this is to use the certutil command with the follow syntax:

certutil -config - -ping

If there is a Certificate Authority published in Active Directory then you will get a popup box with a list of them. If not, you’ll see something like this:


The command is also useful for testing the responsiveness of a Certificate Authority – if you select an existing Certificate Authority from the popup box, certutil will ping it.

I use a maximum of one Google Ad per post to help offset some of my blog hosting costs.


Tags: , , , , , , ,

Posted April 22, 2015 by danovich in category "Certificates", "Geek", "Tools


  1. Pingback: NeWay Technologies – Weekly Newsletter #145 – April 30, 2015 | NeWay

  2. Pingback: NeWay Technologies – Weekly Newsletter #145 – May 1, 2015 | NeWay

Leave a Reply