Example of AD CS operations with the KMES Series 3

this section provides examples of viewing the windows certificate store and signing a certificate by using ad cs on the {{k}} view the certificate store use the following command to view the ca certificate store the ldap uri depends on the active directory domain for your organization (such as fx futurex com ) and the ca name (such as fx fxca ) certutil viewstore "ldap\ ///cn=fx fxca,cn=certification authorities, cn=public key services,cn=services,cn=configuration,dc=fx, dc=futurex,dc=com?cacertificate?base?objectclass=certificationauthority" between tests you might choose to clear the certificate store by using a command similar to the following certutil delstore "ldap\ ///cn=fx fxca,cn=certification authorities, cn=public key services,cn=services,cn=configuration,dc=fx, dc=futurex,dc=com?cacertificate?base?objectclass=certificationauthority" fx fxca sign a certificate the following steps demonstrate one way to test by using the {{k3}} to sign a certificate for the ca server open the certificate manager on the ca server right click personal and select all tasks > request new certificate in the certificate enrollment window, select \[ next ] in the certificate enrollment policy window, choose a certificate enrollment service associated with the ca server, such as active directory enrollment policy for an enterprise ca select \[ next ] in the request certificates window, choose a certificate template and select \[ enroll ] if the connection to the {{k}} succeeds, you receive a success message if the {{k}} is offline you receive an error to locate the certificate that you issued, perform the following steps open the active directory certificate authority tool from the server manager expand the node associated with your ca common name select \[ issued certificates ] a certificate matching your request displays on this page