Monday, January 04, 2010

Speaking of PKI, again!

I’ve been meaning to re-post Dmitry’s blog article on a "New enterprise PKI management console."
Certificate management used to be tough. There have not been a single tool to manage all the aspects of it and administrators had to launch all these certsrv.msc, certtmpl.msc, certutil.exe, ocsp.msc, pkiview.msc, and so on. We had no bulk operations, had to manage each certificate authority (CA) in a separate MMC snapin, and so on.
That is now all a thing in the past with the new PowerGUI/PowerShell-based certificate management admin console created by PowerShell MVP Vadims Podāns (here’s English translation of his blog) and shared for free here. Here’s a very quick summary of some of the features his tool has:
Certificate Authorities management:
CRL Distribution Points (CDP)
Authority Information Access (AIA) settings
Review CRLs
Publish new CRLs
Change CRL publishing periods including overlap settings
Revoked Certificates
Issued Certificates
Pending requests
Failed requests
Issued certificate templates
Revoke/unrevoke certificates
Issue or deny pending requests for certificates
Add/remove certificate templates to issue
Change CRL/CRT/OCSP URL priorities

Local certificate store management:
Import/Export certificates using various certificate types (such CER/pkcs12/pkcs7/SST)
Copy/move certificates between stores
Delete certificate from store
Validate certificates passing them through certificate chaining engine
Sign files
Online Certificate Status Protocol (OCSP) Responders management:
Review and change OCSP Responder settings
Change OCSP URL priorities
All of these support bulk operations, filtering, and reporting. All are available with their source PowerShell code for your reference and scripting. Read more about the pack, see the screenshots, and download the tool here.
It's stuff like this that will help to make PKI easier!

No comments: