I work with a lot of different clients and often need to generate private certificates for applications such as Exchange, Lync Server, and System Center. I'm often surprised that clients aren't aware of whether they even have a certificate authority server in their domain and, if so, what its name is.
Here's a simple way to check for an enterprise CA in a Windows domain. Run the following command from a CMD prompt:

certutil -config - -ping

Notice the lone dash "-" between the -config and -ping switches. It takes the place of the host\CAName configuration string that -config normally expects, and it tells certutil to prompt you to pick a CA instead of naming one up front.

If there is an enterprise CA published in Active Directory, you will see a pop-up box asking you to choose the CA to ping, as shown below:

|Certutil successfully pinged the CA|

If certutil is unable to locate an Enterprise CA in the domain, it will display an error message indicating that no active Certification Authorities were found:

|Certutil was unable to locate an Enterprise CA in the domain|
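The picker dialog works well at the console, but it needs a logged-on user to click it, and it only tells you about CAs that are still answering. The script below is an added example (not from the original post) that does the same job non-interactively: it reads the pKIEnrollmentService objects that every Enterprise CA publishes in the forest's configuration partition (the same list the picker is built from, so a standalone CA that is not published in AD will not show up here either), then pings each one with certutil using an explicit host\CAName config string. It assumes a domain-joined Windows machine with line-of-sight to a domain controller and to the CA; the function names Get-EnterpriseCA and Test-EnterpriseCA are my own.

```powershell
# Added example, not the post author's script. Enumerates Enterprise CAs published in
# Active Directory and pings each one without the CA picker dialog.
# Assumes: domain-joined machine, reachable DC, certutil.exe on the path.

function Get-EnterpriseCA {
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $configNC = [string]$rootDse.configurationNamingContext
    # Enterprise CAs register a pKIEnrollmentService object in this container at
    # install time. It lives in the configuration partition, so the result is
    # forest-wide, not limited to the current domain.
    $path = "LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$path)
    $searcher.Filter = "(objectClass=pKIEnrollmentService)"
    [void]$searcher.PropertiesToLoad.AddRange(@("cn", "dnshostname", "cacertificatedn"))
    foreach ($r in $searcher.FindAll()) {
        $caName = [string]$r.Properties["cn"][0]
        $caHost = [string]$r.Properties["dnshostname"][0]
        [pscustomobject]@{
            CAName   = $caName
            HostName = $caHost
            Subject  = [string]$r.Properties["cacertificatedn"][0]
            Config   = "$caHost\$caName"   # the string certutil -config expects
        }
    }
}

function Test-EnterpriseCA {
    param([Parameter(Mandatory)][string]$Config)
    # Passing host\CAName instead of "-" avoids the picker, so this runs from scripts
    # and scheduled tasks. A successful ping proves the CA service is running and is
    # reachable over RPC/DCOM, which is what autoenrollment and the Certificates MMC
    # snap-in also need; a firewall that blocks TCP 135 and the dynamic RPC range will
    # fail here even though the CA object exists in AD.
    $null = & certutil.exe -config $Config -ping 2>&1
    return ($LASTEXITCODE -eq 0)
}

$cas = @(Get-EnterpriseCA)
if ($cas.Count -eq 0) {
    Write-Warning "No Enterprise CA is published in this forest's configuration partition."
} else {
    foreach ($ca in $cas) {
        $state = if (Test-EnterpriseCA -Config $ca.Config) { "responding" } else { "published but NOT responding" }
        "{0,-50} {1}" -f $ca.Config, $state
    }
}
```

The "published but NOT responding" case is worth watching for: a CA that was decommissioned without running the proper uninstall leaves its pKIEnrollmentService object behind, and clients will keep trying to enroll against it. Reading the Enrollment Services container needs no special rights (any authenticated user can query the configuration partition), so this also works from an ordinary workstation when you are first getting to know a client's environment.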