Security – shell{&}co

OpenSSL useful commands

In this post, you will find below some useful usage of the OpenSSL tool. This commands can be used on both Linux and Windows environment. For the Windows OS, I have choosen to use the pre-compiled packages at conan.io (version

List duplicated valid certificates on a MS PKI version 3

Description One more version of the script provided some weeks ago. This is a minor update but it can be helpful. In that version, the duplicated valid certificates are listed and two options are shown : keep or revoke. It

List duplicated valid certificates on a MS PKI version 2

Description I have written another version of the script provided some weeks ago. This new version is looking for duplicated valid certificates based on both CommonName and Certificate template. The first version checked only the CommonName. All of this cmdlets

Microsoft PKI: revoke expired certificates

Microsoft PKI: revoke expired certificates Description I have written the script below to cleanup the CA database by revoking the expired certificates. First, the script performs three checks and then revoke the expired certificates: a valid certificate for the same

Owncloud Passwords application migration to Passman

If you used the application Passwords for Owncloud to store your credentials, you have seen recently this app does not exist anymore. The application has been removed from Github and it is hard to find the documentation. This is why

List duplicated valid certificates on a MS PKI

List duplicated valid certificates on a MS PKI The following script will give you the possibility to list the valid certificates on your Active Directory PKI that are duplicated. By “duplicated”, I mean at least two valid certificates for the

Request and remove a certificate using Active Directory templates

You can request from Powershell a certificate from your Active Directory PKI. In that case you will use the cmdlet Get-Certificate. If you already know the template you want to use (for example Enhanced Web Server), you can use this

List AD domain controller KDC certificates

Kerberos uses certificates to encrypt communication between the Kerberos client and the Kerberos Key Distribution Center (KDC). If you’re domain controllers use certificate for KDC you can list them by runnning this script: $domains = (Get-ADForest).domains $dcs = (Get-ADForest).globalcatalogs $list

Certificate renewal with Powershell

With the following function, it is possible to renew a Local machine certificate by providing the certificate thumbprint to the function. To simply get a certificate thumbprint, you can run this command: gci -path Cert:\LocalMachine\My | select Thumbprint If you

Revoke a certificate that has specific properties

In the next days, I will show you how to perform specific tasks on your Microsoft PKI using Powershell. In this post, you will be able to revoke a certificate that matches your criteria. In the following example, I will

« Previous