Automate certificate revocation on a Microsoft PKI

The purpose of this script is to automate certificate revocation on a Microsoft PKI. The script uses the PowerShell module PSPKI. To install it, run the following command:

This module is intended to simplify various PKI and Active Directory Certificate Services management tasks by using automation with Windows PowerShell.

This module is intended for Certification Authority management. For local certificate store management you should consider using the Quest AD PKI cmdlets.

The script revokes certificates using the “Hold” reason, so a certificate revoked by mistake can be unrevoked afterwards. Either of the following two conditions triggers a certificate revocation:

  • The certificate is expired
  • The certificate is a duplicate (same common name): only the most recent one is kept
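The two rules above, written out as an added example that is not the post's own script (the embedded script did not survive in this copy). It relies on the PSPKI cmdlets Get-CertificationAuthority, Get-IssuedRequest and Revoke-Certificate; the CA host name is a placeholder and the -DryRun switch is an addition for reviewing the selection before anything is revoked.

```powershell
# Added example (not the post's script): revoke expired and duplicate-CN certificates
# on a Microsoft CA with PSPKI, using the reversible "Hold" (certificateHold) reason.
# Assumes PSPKI is installed and the caller has "Issue and Manage Certificates" on the CA.
param(
    [string]$CaName = 'ca01.example.internal',  # placeholder CA host name
    [switch]$DryRun                              # only list what would be revoked
)

Import-Module PSPKI

$ca  = Get-CertificationAuthority -ComputerName $CaName
$now = Get-Date

# Get-IssuedRequest returns only currently issued (not yet revoked) certificates.
$issued = Get-IssuedRequest -CertificationAuthority $ca `
    -Property RequestID, CommonName, NotBefore, NotAfter, SerialNumber

# Rule 1: certificates whose validity period has ended.
$expired = $issued | Where-Object { $_.NotAfter -lt $now } |
    ForEach-Object { [pscustomobject]@{ Row = $_; Why = 'Expired' } }

# Rule 2: several valid certificates share a common name; keep the newest (by NotBefore),
# revoke the rest. Expired ones are excluded here so they are not counted twice.
$duplicates = $issued | Where-Object { $_.NotAfter -ge $now -and $_.CommonName } |
    Group-Object CommonName | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { $_.Group | Sort-Object NotBefore -Descending | Select-Object -Skip 1 } |
    ForEach-Object { [pscustomobject]@{ Row = $_; Why = 'Duplicate CN' } }

$toRevoke = @($expired) + @($duplicates)

foreach ($item in $toRevoke) {
    $r = $item.Row
    Write-Host ("{0,-12} RequestID={1} CN={2} Serial={3} NotAfter={4:yyyy-MM-dd}" -f `
        $item.Why, $r.RequestID, $r.CommonName, $r.SerialNumber, $r.NotAfter)
    if (-not $DryRun) {
        # "Hold" keeps the certificate on the CRL but leaves the door open to unrevoke it.
        Revoke-Certificate -Request $r -Reason Hold
    }
}
Write-Host ("{0} certificate(s) {1}" -f $toRevoke.Count,
    $(if ($DryRun) { 'would be revoked' } else { 'revoked' }))
```

Run it once with -DryRun and check the listed serial numbers against your inventory before running it for real; the new CRL still has to be published (Publish-CRL) for clients to see the revocations.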

Sample of the cmdlets available in the PSPKI module (full list here):
Add-AdCertificate
Add-AdCertificateRevocationList
Add-AuthorityInformationAccess (Alias: Add-AIA)
Add-CAAccessControlEntry (Alias: Add-CAACL)
Add-CATemplate
Add-CertificateEnrollmentPolicyService
Add-CertificateEnrollmentService
Add-CertificateTemplateAcl
Add-CRLDistributionPoint (Alias: Add-CDP)
Convert-PemToPfx
Convert-PfxToPem
Deny-CertificateRequest
Disable-PolicyModuleFlag
Get-CATemplate
Get-CertificateRequest
Get-CertificateRevocationList (Alias: Get-CRL)
Get-CertificateRevocationListFlag (Alias: Get-CRLFlag)
Get-CertificateTemplate
Get-CertificateTemplateAcl
Get-IssuedRequest
Get-PendingRequest
Publish-CRL
Remove-CATemplate
Remove-ExtensionList
Restart-CertificationAuthority
Revoke-Certificate
Start-CertificationAuthority
Test-WebServerSSL
Uninstall-CertificationAuthority
