Certificates (Windows)
Tools
Certutil (Windows Server 2012)
certutil -getreg ca\csp\CNGHashAlgorithm
certutil -setreg ca\csp\CNGHashAlgorithm SHA256Certreq
CertReq [-Submit] [Options] [RequestFileIn [CertFileOut [CertChainFileOut [FullResponseFileOut]]]]certreq -submit -attrib "CertificateTemplate:WebServer" certRequest.req certnew.cer certnew.pfxFor Pfsense: the certnew.cer is the answer to the request.
Stuff
Important caveats
From the Microsoft website:
Be aware that all current user certificate stores except the Current User/Personal store inherit the contents of the local machine certificate stores. For example, if a certificate is added to the local machine Trusted Root Certification Authorities certificate store, all current user Trusted Root Certification Authorities certificate stores (with the above caveat) also contain the certificate.
MMC Consoles
certmgr.msc (current user)
certlm.msc (local machine)Current user
Get-ChildItem -Path cert:\CurrentUser\MyLocal Machine
Get-ChildItem -Path cert:\LocalMachine\root
Get-ChildItem -Path cert:\LocalMachine\TrustedPeopleSearch certificates by thumbnail
This searches for a certificate thumbnail within the specified store.
$thumbnail = "E5CC5CA2A198DEAB1ABB5F2B7A0B2EEEFA4C52D4"
$location = "LocalMachine"
Get-ChildItem -Recurse -Path "cert:\$location\*" | Where-Object {$_.Thumbprint -eq $thumbnail}Remove imported certificates
$username = "myuser"
(Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Subject -match $username}) | Remove-Item
(Get-ChildItem Cert:\LocalMachine\TrustedPeople | Where-Object {$_.Subject -match $username}) | Remove-Item
#Delete by thumbprint
Get-ChildItem Cert:\LocalMachine\My\D20159B7772E33A6A33E436C938C6FE764367396 | Remove-Item
#Delete by subject/serialnumber/issuer/whatever
Get-ChildItem Cert:\LocalMachine\My |
Where-Object { $_.Subject -match 'Frode F' } |
Remove-ItemConvert a pfx file to pem
openssl pkcs12 -in cert.pfx -nocerts -nodes -out cert_key.pem -passin pass: -passout pass: