Do you have a Certificate Signing Request (CSR) from a device and need to create a certificate for it from a Microsoft Windows Certificate Authority? This is actually pretty straightforward. On a domain machine, launch a command prompt and save the CSR into a file on that machine (CSR.REQ in the example below). Then just use the command:
Many times when I’m new to an organisation I’ll need to do a discovery within the environment to see what technology exists – including local Microsoft Windows Certificate Authorities. A very quick and easy way to do this is to use the certutil command with the following syntax:
certutil -config - -ping
If there is a Certificate Authority published in Active Directory then you will get a popup box with a list of them. If not, you’ll see something like this:
The command is also useful for testing the responsiveness of a Certificate Authority – if you select an existing Certificate Authority from the popup box, certutil will ping it.
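A scripted version of the same discovery, added here as an example and not part of the original post: it reads the Enrollment Services container in the Active Directory configuration partition, where enterprise CAs are published, and runs certutil's ping against each one so no popup selection is needed. It assumes a domain-joined machine and a domain user account; the variable names are illustrative.

```powershell
# Added example: list CAs published in Active Directory and ping each one.
# Assumes a domain-joined machine; any authenticated domain user can read
# the configuration partition.

$rootDse  = [ADSI]'LDAP://RootDSE'
$configNc = [string]$rootDse.configurationNamingContext
$basePath = "LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNc"

$searcher             = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]$basePath
$searcher.SearchScope = 'OneLevel'
$searcher.Filter      = '(objectClass=pKIEnrollmentService)'
foreach ($attr in 'cn', 'dNSHostName', 'certificateTemplates') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

$results = $searcher.FindAll()
if ($results.Count -eq 0) {
    Write-Output 'No Certificate Authority is published in Active Directory.'
    return
}

foreach ($entry in $results) {
    # Result property names are returned in lower case.
    $caName   = [string]$entry.Properties['cn'][0]
    $caServer = [string]$entry.Properties['dnshostname'][0]
    $config   = "$($caServer)\$($caName)"   # the form certutil -config expects

    # Same ping the popup performs, but against an explicit CA.
    & certutil.exe -config $config -ping | Out-Null
    $responding = ($LASTEXITCODE -eq 0)

    [pscustomobject]@{
        Config     = $config
        Responding = $responding
        # Templates the CA is configured to issue; worth reviewing in an audit.
        Templates  = @($entry.Properties['certificatetemplates']) -join ', '
    }
}
```

A CA that is listed in the directory but does not respond is often a decommissioned server whose AD objects were never cleaned up.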