Certutil can do this like so: "certutil -store \\mymachine\MY"
or you can use a capimon script and CAPICOM.Store or you can call CertOpenStore see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/system_store_locations.asp System store locations are opened remotely by prefixing the store name in the string passed to pvPara with the computer name. Examples of remote system store names are: a.. ComputerName\CA b.. \\ComputerName\CA c.. ComputerName\ServiceName\Trust d.. \\ComputerName\ServiceName\Trust thx steve ----- Original Message ----- From: Steve Szwejbka To: [email protected] Sent: Wednesday, November 29, 2006 1:16 PM Subject: [ActiveDir] OT: Script or utility to dump certificates on a remote server? We have certificates deployed to some unknown number of Windows (mostly 2k3, but some 2k) servers throughout the environment. The certificates were generated via some internal root server which apparently does not have a way to dump what certificates have been issued and when they expire. So, I'm trying to figure out a way to remotely look at large numbers of servers (1000+) to see which servers a) have a certificate installed, and b) when it expires. It doesn't appear that certutil.exe does this type of thing for remote servers. Does anyone know of any vbscript or vb.net calls that can be used to get this info? Thanks -Steven ------------------------------------------------------------------------------ The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited.
