Skip to content

Instantly share code, notes, and snippets.

View jespernohr's full-sized avatar

Jesper Nøhr jespernohr

7 followers · 40 following
View GitHub Profile
@jespernohr
jespernohr / azcp-schedule.xml
Created November 18, 2016 20:31
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2016-10-21T07:41:00.0701441</Date>
<Author>blog\awaii</Author>
<Description>This command copies content from local folder d:\crl to Azure Storage blob account and saves a log file to local drive d:\logs
/XO
Excludes an older source resource. The resource will not be copied if the last modified time of the source is the same or older than destination.
Applicable to: Blobs, Files
/Y
@jespernohr
jespernohr / azcp
Created November 18, 2016 20:16
# This command copies content from local folder d:\crl to Azure Storage blob and saves a log file to local drive d:\logs
.\AzCopy.exe /Source:d:\crl /Dest:https://example.blob.core.windows.net/crl/ /DestKey:******== /Pattern:*.cr* /XO /Y /V:d:\logs\azcopy.log
@jespernohr
jespernohr / azcopy.ps1
Last active October 21, 2016 07:52
# This command copies content from local folder d:\crl to Azure Storage blob and saves a log file to local drive d:\logs
.\AzCopy.exe /Source:d:\crl /Dest:https://example.blob.core.windows.net/crl/ /DestKey:******== /Pattern:*.cr* /XO /Y /V:d:\logs\azcopy.log
@jespernohr
jespernohr / cdp
Last active October 23, 2016 10:46
$crllist = Get-CACrlDistributionPoint; foreach ($crl in $crllist) {Remove-CACrlDistributionPoint $crl.uri -Force};
Add-CACRLDistributionPoint -Uri E:\pki\%3%8%9.crl -PublishToServer -Force
Add-CACRLDistributionPoint -Uri http://pki.azureedge.net/%3%8%9.crl -AddToCertificateCDP -Force
$aialist = Get-CAAuthorityInformationAccess; foreach ($aia in $aialist) {Remove-CAAuthorityInformationAccess $aia.uri -Force};
Add-CAAuthorityInformationAccess -AddToCertificateAia http://pki.azureedge.net/%1_%3%4.crt -Force
Certutil -setreg CA\CRLPeriodUnits 2
Certutil -setreg CA\CRLPeriod "Weeks"
Certutil -setreg CA\CRLDeltaPeriodUnits 1
Certutil -setreg CA\CRLDeltaPeriod "Days"
Certutil -setreg CA\CRLOverlapPeriodUnits 12
@jespernohr
jespernohr / issuingca1
Created October 18, 2016 19:26
Certutil –installcert pki02.fabrikam.com_fabrikamIssuingCA.crt
start-service certsvc
copy c:\Windows\system32\certsrv\certenroll\*.cr* e:\pki\
@jespernohr
jespernohr / issuingca
Last active October 24, 2016 17:07
Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCA -CACommonName "fabrikamIssuingCA" -KeyLength 2048 -HashAlgorithm SHA256 -CryptoProviderName "ECDSA_P256#Microsoft Software Key Storage Provider"
@jespernohr
jespernohr / CAPolicy.inf2
Created October 18, 2016 18:40
[Version]
Signature="$Windows NT$"
[PolicyStatementExtension]
Policies=InternalPolicy
[InternalPolicy]
OID= 1.2.3.4.1455.67.89.5
Notice="Legal Policy Statement"
URL=http://pki.azureedge.net/cps.txt
[Certsrv_Server]
RenewalKeyLength=2048
@jespernohr
jespernohr / pki-share
Created October 18, 2016 12:26
new-item -path E:\pki -type directory
write-output "This is a sample CPS. Modify as needed." | out-file E:\pki\cps.txt
new-smbshare -name pki E:\pki -FullAccess SYSTEM,"fabrikam\Domain Admins" -ChangeAccess "fabrikam\Cert Publishers"
@jespernohr
jespernohr / gist:06574afc62e47216f194010281fade8f
Last active October 16, 2016 17:05
dbpublish1
certutil –dspublish –f pki01_fabrikamRootCA.crt RootCA
certutil –addstore –f root pki01_fabrikamRootCA.crt
certutil –addstore –f root fabrikamRootCA.crl
@jespernohr
jespernohr / CRLverify.ps1
Created October 16, 2016 13:05
Get-CACRLDistributionPoint | format-list