Bzzzz! Disqualified. -- Espi
On Tue, Oct 31, 2017 at 4:18 PM, Sean Martin <[email protected]> wrote:

> Hey Michael,
>
> I wouldn't mind testing it out for you. We have a fairly simple CA
> environment (offline root, online intermediate) in a Windows 2008 R2 AD
> environment.
>
> - Sean
>
> On Tue, Oct 31, 2017 at 12:40 PM, Michael B. Smith <[email protected]>
> wrote:
>
>> Forgive the crosspost.
>>
>> Webster and myself have some mutual customers that had Certificate
>> Services issues. That being one of my areas of expertise, I worked through
>> the problems and got everyone happy, but then realized the job would’ve
>> been much much simpler with a script that dumped out everything that Active
>> Directory knows about AD Certificate Services.
>>
>> So, voilà, I wrote one; and I’ve enhanced it while working through some
>> complex customer scenarios.
>>
>> Webster has offered to do the nice things he does to scripts (Word
>> output, HTML output, code-signing, etc.) but I’d like to make sure that the
>> script is complete before I hand it over to him.
>>
>> So I’m looking for a few good testers. I’d like for you to run the script
>> and send me the output. If it bombs, let me fix it and try again. IT
>> DOESN’T CHANGE ANYTHING. It just reads from AD and the registry.
>>
>> If you have a single server CA, you probably aren’t my target scenario –
>> unless it’s been migrated and upgraded more than once. Or it was installed
>> by someone who had no clue what they were doing and may have installed the
>> CA a dozen times (it happens – that was a PIECE of the problem at one of my
>> clients). I’m looking for environments with multiple roots, multiple
>> servers in a hierarchy, potentially offline roots with an enterprise
>> hierarchy, etc.
>>
>> If you are interested, please reply to me directly - OFF LIST. Again OFF
>> LIST.
>>
>> Thanks!
>>
>> Regards,
>>
>> Michael B.
>>
>> P.S. There are some things the script could do that it doesn’t do – most
>> specifically, validate certs and cross-check CA certs between AIA, CA, CDP,
>> and KRA endpoints. It’s doable and a good idea (I needed that in a project
>> a year or two ago), but out of scope for this Version 1. But almost
>> anything else I can think of is fair game.

