Score:1

How to import a CSR on a root CA into the Pending Requests queue and view the applied policy on the command line?

I have a standalone root CA based on Windows Server 2019 Core.

I know that with certutil.exe -dump certificate.req I can inspect the CSR, but the root CA's policies may override the requested extension attributes.

On the Desktop edition, after importing the CSR into the root CA, I can inspect the pending request and see where root CA policies may override requested extension attributes, add additional extensions or remove them.

For example, the CSR requests the Key Usage extension to be critical, but the root CA policy overrides the Key Usage requests and removes the critical flag, as you can see in the picture below.

enter image description here

My questions are:

  1. How do I import a CSR file to the Pending Requests queue on the command line or in PowerShell?
  2. How can I see how the CA would actually issue the certificate, on the command line or in PowerShell?
Score:2

To import a CSR to the queue, use:

certreq.exe -submit <csr file>

To view request extensions, you'll need to know the RequestId, which the above command would have returned. Use (for RequestId of 123):

certutil.exe -view -restrict "ExtensionRequestId=123" Ext

To view request attributes:

certutil.exe -view -restrict "AttributeRequestId=123" Attrib

While you're at it, you can view the request itself with:

certutil.exe -view -restrict "RequestId=123" Queue

Or, for previously issued certs:

certutil.exe -view -restrict "RequestId=123" Log

You can add -v after the -view for more verbose information and you can add csv at the end for CSV output.
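
The steps from the answer above chained into one PowerShell function, as an added example that is not part of the original answer. The function name and the CSR file name are hypothetical, and it assumes certreq.exe prints the new ID on a line of the form `RequestId: 123`.

```powershell
# Added example: submit a CSR, capture the RequestId, and show what the CA recorded.
# Show-QueuedRequest is a hypothetical name; only commands from the answer are used.
function Show-QueuedRequest {
    param(
        [Parameter(Mandatory)]
        [string]$CsrPath
    )

    if (-not (Test-Path -LiteralPath $CsrPath)) {
        throw "CSR file not found: $CsrPath"
    }

    # What the requester asked for, before any CA policy is applied.
    Write-Output '--- Extensions requested in the CSR ---'
    certutil.exe -dump $CsrPath

    # Submit the request to the CA and keep the console output for parsing.
    $submit = certreq.exe -submit $CsrPath 2>&1 | Out-String
    Write-Output $submit

    # Assumption: the output contains a line such as 'RequestId: 123'.
    if ($submit -match 'RequestId:\s*"?(\d+)"?') {
        $id = [int]$Matches[1]
    }
    else {
        throw 'No RequestId in the certreq output; the request was not queued.'
    }

    # Rows the CA stored for this request. -v gives the more verbose view
    # mentioned in the answer.
    Write-Output "--- Extensions stored for request $id ---"
    certutil.exe -view -v -restrict "ExtensionRequestId=$id" Ext

    Write-Output "--- Attributes stored for request $id ---"
    certutil.exe -view -restrict "AttributeRequestId=$id" Attrib

    Write-Output "--- Queue entry for request $id ---"
    certutil.exe -view -restrict "RequestId=$id" Queue
}

# Usage (hypothetical file name):
# Show-QueuedRequest -CsrPath .\subca.req
```

Comparing the first section of the output with the second shows where the stored extensions differ from the ones in the CSR, for example a Key Usage extension that lost its critical flag.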
