Discovering Internal CAs

If you ever want to query AD for Certification Authorities, skip ADSI Edit… there’s a quick way to do it using certutil. Here’s how:

certutil -config – -ping

Note the extra empty dash between -config and -ping is needed to query the list of CAs.

Credit for the useful command goes to colleague and UC ninja Jeff Carlson.

Gonzalo Escarrá's Blog