0

I'm using a script by Tom Nolan to query our CA for expiring certificates. However, I tried to no avail to filter the output for non-autoenrolling certificates, as these are the only ones of interest. That's the line in question:

certutil -view -restrict "NotAfter>=$d1,NotAfter<=$d2" -out "Request ID, Request Submission Date, Request Common Name, Requester Name, Request Email Address, Request Distinguished Name, CertificateTemplate, NotAfter" -config "$caServer\$caName"

I tried narrowing down the -restrict parameter like this:

-restrict "NotAfter>=$d1,NotAfter<=$d2,EnrollmentFlags&&0x20"

but had no success.

Does anyone know how to achieve this?

Thanks for your help!

4

2 回答 2

0

Certutil 对日期时间格式非常挑剔,因此可能会导致一些问题。尝试并指定一个明确的格式,如下所示:

# $sd, $ed are datetimes
certutil -view -restrict "NotAfter>={0},NotAfter<={1}" -f $sd.toString("d.M.yyyy H:mm"), $ed.toString("d.M.yyyy H:mm")
于 2012-03-20T13:55:41.407 回答
0

这是一个旧的,但仍然可以帮助某人。

您需要添加的是 -restrict "enrollmentflags=0"

他们是那些没有被自动注册的人

于 2015-03-24T22:05:44.187 回答