Method 1:
Use the certutil command:
certutil -cainfo
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYMjbN_8xXVxjoGLtjDv1OnLDwfeI47WOSd65e3Cp8EdbAk-6xo2kPTO48uS2NRRUSe63trDWaVnccTgPDb37_n6IedcRqyS4mloKo5fFwypLbcCLufjB-DOA0V0Z5dd5Uk2JlWutlbxE/s400/screenshot1.png)
Method 2:
Check if there is a Certificate Templates folder in the certificate console. Certificate Templates only appears if the certificate authority is an enterprise CA.
In this screenshot we have a stand alone CA:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifeBsNUSkzOnVSe0ZObWtWHHvpEGL_Imx_oHRWeNMbSpVqL58HBtEAZnx6CDf1qIkwH8l2p86qlUGwvYjbbwm34-EZpGgUtiQEpbT8cCl_7-_Xkj7tjDJ3zqAnepmF0pASL6ckg7rRhe4/s400/screenshot2.png)
Method 3:
The "Cert Publishers" Active Directory group. All members of this group are enterprise certificate authorities.
Great stuff. CLI is the best.
ReplyDelete