Certificates (Windows)
Tools
Certutil (Windows Server 2012)
certutil -getreg ca\csp\CNGHashAlgorithm
certutil -setreg ca\csp\CNGHashAlgorithm SHA256
Certreq
CertReq [-Submit] [Options] [RequestFileIn [CertFileOut [CertChainFileOut [FullResponseFileOut]]]]
certreq -submit -attrib "CertificateTemplate:WebServer" certRequest.req certnew.cer certnew.pfx
For pfSense: certnew.cer is the answer to the request.
Stuff
Important caveats
From the Microsoft website:
Be aware that all current user certificate stores except the Current User/Personal store inherit the contents of the local machine certificate stores. For example, if a certificate is added to the local machine Trusted Root Certification Authorities certificate store, all current user Trusted Root Certification Authorities certificate stores (with the above caveat) also contain the certificate.
MMC Consoles
certmgr.msc (current user)
certlm.msc (local machine)
Current user
Get-ChildItem -Path cert:\CurrentUser\My
Local Machine
Get-ChildItem -Path cert:\LocalMachine\root
Get-ChildItem -Path cert:\LocalMachine\TrustedPeople
Search certificates by thumbprint
This searches every store under the specified location for a certificate with the given thumbprint.
$thumbprint = "E5CC5CA2A198DEAB1ABB5F2B7A0B2EEEFA4C52D4"
$location = "LocalMachine"
Get-ChildItem -Recurse -Path "cert:\$location\*" | Where-Object {$_.Thumbprint -eq $thumbprint}
Remove imported certificates
$username = "myuser"
# -match is a regular-expression match anywhere in the Subject string, so list what it selects (or append -WhatIf to Remove-Item) before deleting from these trust stores
(Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Subject -match $username}) | Remove-Item
(Get-ChildItem Cert:\LocalMachine\TrustedPeople | Where-Object {$_.Subject -match $username}) | Remove-Item
# Delete by thumbprint
Get-ChildItem Cert:\LocalMachine\My\D20159B7772E33A6A33E436C938C6FE764367396 | Remove-Item
# Delete by subject/serialnumber/issuer/whatever
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match 'Frode F' } |
    Remove-Item
Convert a pfx file to pem
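# Extracts only the private key (-nocerts) and writes it unencrypted (-nodes); "-passin pass:" supplies an empty import password
openssl pkcs12 -in cert.pfx -nocerts -nodes -out cert_key.pem -passin pass: -passout pass: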