PKI Health Tool

The Windows Server 2003 Resource Kit includes the PKI Health Tool (pkiview.msc), a retrieval tool for URLs in both the CDP and AIA extensions of all certificates in the certificate chain. The PKI Health Tool reports on the status of each URL configured in the CA hierarchy using status codes of OK, Expired, and Unable to download.

To use the PKI Health Tool, you must initialize the associated dynamic link library (DLL) with the following procedure:

1. Open a command prompt.

2. In the command prompt, type regsvr32 pkiview.dll and press ENTER.

3. In the Regsvr32 dialog box, click OK.

Note If you install the Windows Server 2003 Resource Kit Tools, the PKI Health Tool and associated pkiview.dll files are automatically installed and registered. Use this procedure if you only want to install the PKI Health Tool, not the entire resource kit.

Once the DLL is registered, you can open the PKI Health Tool by running pki-view.msc. (See Figure 9-5.)

Once the DLL is registered, you can open the PKI Health Tool by running pki-view.msc. (See Figure 9-5.)

Figure 9-5 The PKI Health Tool console

Within the PKI Health Tool console, you can view the status for each AIA and CDP URL. The status codes will include:

Figure 9-5 The PKI Health Tool console

Within the PKI Health Tool console, you can view the status for each AIA and CDP URL. The status codes will include:

■ OK. The CA certificate or CRL at the referenced URL is valid.

■ Expiring. The CA certificate or CRL at the referenced URL is near expiration.

Note You can define the expiration interval for CA certificates, CRLs, and delta CRLs within the PKI Health Tool to match the publication intervals used by your organization. For example, if you publish base CRLs every day, you could define the expiration warning interval to be eight hours before expiration rather than the default of two days.

■ Expired. The CA certificate or CRL at the referenced URL is expired.

■ Unable to download. The CA certificate or CRL could not be downloaded from the referenced URL.

Was this article helpful?

+1 0

Responses

  • Sophia Ackerman
    What does "regsvr32 pkiview.dll" do?
    9 years ago

Post a comment