Manage the Windows Services certificate store

Recently, I have encountered an issue with Active Directory, LDAPS and multiple Server authentication certificates in the default computer certificate store of my domain controllers.

The LocalComputer certificate store contained one certificate for AD LDAPS and the other was dedicated to the WinRM HTTPS listener.

In that specific case, the only way to hard set and link a specific certificate to the AD LDAPS listener was to play with the Windows Service certificate store.
The following script will help you understand where the Local Computer certificates are located in the registry and how to copy them to the store of the service of your choice.

Run this script with administrative permissions on the target system.

The script guides you through an interactive menu to choose:

  • the certificate currently installed in the Local Computer certificate store
  • the Windows service that needs the certificate
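
A non-interactive sketch of the same copy operation, added here as an example and not the script from this post. The function name `Copy-CertificateToServiceStore` is hypothetical, the registry paths are the standard Windows locations for the computer and per-service personal stores, and `NTDS` is assumed to be the service name for the AD DS LDAPS case:

```powershell
#Requires -RunAsAdministrator
# Added example, not the script from this post.
function Copy-CertificateToServiceStore {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$ServiceName
    )

    # Normalise the thumbprint (strip spaces and hidden characters pasted from the MMC).
    $Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($Thumbprint.Length -ne 40) { throw 'Thumbprint must be 40 hex characters (SHA-1).' }

    # Fail early if the service does not exist on this machine.
    $null = Get-Service -Name $ServiceName -ErrorAction Stop

    # The certificate must be in LocalMachine\My, usable for TLS and not expired.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key.' }
    if ($cert.EnhancedKeyUsageList.ObjectId -notcontains '1.3.6.1.5.5.7.3.1') {
        throw 'Certificate lacks the Server Authentication EKU.'
    }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

    # Registry locations backing the computer store and the per-service store.
    $source   = "HKLM:\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates\$Thumbprint"
    $destRoot = "HKLM:\SOFTWARE\Microsoft\Cryptography\Services\$ServiceName\SystemCertificates\MY\Certificates"
    if (-not (Test-Path -Path $source)) { throw "No registry entry at $source" }
    if (Test-Path -Path "$destRoot\$Thumbprint") {
        Write-Verbose 'Certificate is already present in the service store.'
        return
    }

    if ($PSCmdlet.ShouldProcess("$ServiceName service store", "Copy certificate $Thumbprint")) {
        if (-not (Test-Path -Path $destRoot)) { New-Item -Path $destRoot -Force | Out-Null }
        # Copying the key creates a subkey named after the thumbprint under $destRoot.
        Copy-Item -Path $source -Destination $destRoot
        Get-ChildItem -Path $destRoot | Select-Object -ExpandProperty PSChildName
    }
}

# Usage (placeholder thumbprint; NTDS is assumed to be the AD DS service name):
# Copy-CertificateToServiceStore -Thumbprint '<THUMBPRINT>' -ServiceName NTDS -WhatIf
```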


Sample of the cmdlets available in the PSPKI module (full list here):
Add-AdCertificate
Add-AdCertificateRevocationList
Add-AuthorityInformationAccess (Alias: Add-AIA)
Add-CAAccessControlEntry (Alias: Add-CAACL)
Add-CATemplate
Add-CertificateEnrollmentPolicyService
Add-CertificateEnrollmentService
Add-CertificateTemplateAcl
Add-CRLDistributionPoint (Alias: Add-CDP)
Convert-PemToPfx
Convert-PfxToPem
Deny-CertificateRequest
Disable-PolicyModuleFlag
Get-CATemplate
Get-CertificateRequest
Get-CertificateRevocationList (Alias: Get-CRL)
Get-CertificateRevocationListFlag (Alias: Get-CRLFlag)
Get-CertificateTemplate
Get-CertificateTemplateAcl
Get-IssuedRequest
Get-PendingRequest
Publish-CRL
Remove-CATemplate
Remove-ExtensionList
Restart-CertificationAuthority
Revoke-Certificate
Start-CertificationAuthority
Test-WebServerSSL
Uninstall-CertificationAuthority
