DonatShell
Server IP : 180.180.241.3  /  Your IP : 216.73.216.252
Web Server : Microsoft-IIS/7.5
System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586
User : IUSR ( 0)
PHP Version : 5.3.28
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Windows/SysWOW64/en-US/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME SHELL ]     

Current File : /Windows/SysWOW64/en-US/certutil.exe.mui
MZ@	!L!This program cannot be run in DOS mode.

$uEEELlDLl
DRichEPELYQ!	L@`.rsrc@@0Hpc(@Xp0H`x !"#$ %8&P'h()*+,-./(0@1X2p3456789:0;H<`=x>?@~	 	8	P	h							
(
@
X
p





0H`x 8Ph
(
@
X
	p
	
	
	
	
	
	
	
	
			 	0	@	P	`	p											 	0	@	P	`	p											 	0	@	P	`	p											 	0	@	P	`	p											 	0	@	P	`	p											 	0	@	P	`	p							#$%*$-02B:6DE`
R$UYX]\aRgr$k,p(tT|wpybz~T} 4<p\̇<
d\PHL.r,fh|<D(lDtPH@L\lrjLz<X 8X"
d$&
*-r`5*`&Ԇn	DTXxhtlD$LDTL"pbfjxJZ MUIn8"#U9
ܠcD_HMUIen-US@0MS Shell DlgPmsctls_progress32P!Please wait for this operation to finish.PAȀZURL Retrieval ToolMS Shell DlgP2ExitPLVSysListView32List1P2Select...P_\FRetrieve	PjL
Certs (from AIA)	PvL
CRLs (from CDP)	PL
OCSP (from AIA)P
2RetrievePb,Timeout (sec) P;bP^e)Note: CRLs or certificates being downloaded are not exhaustively verified.  A CRL or cert may still be inconsistent or may not have the proper extensions to allow for correct verification.P	xP
:P4Url to DownloadP@P
yF
Sign LDAP TrafficPAȀ	!CA Certificate RequestMS Shell DlgPSelect an online CA to send the requestP6Computer &Name:PAP&#&Parent CA:!PA&P2Br&owse...P@*replaced by IDS_REQUEST_HELPTEXT
2
3
4Pv2OKPv2CancelPKCS #7 (*.p7b)|*.p7b|X.509 Certificate (*.cer;*.crt)|*.cer;*.crt|Personal Information Exchange (*.p12, *.pfx)|*.pfx|All Files (*.*)|*.*||'Select file to complete CA installationUnknown provider namenCannot find the certificate for %1 to build a certificate chain.  Do you wish to install this certificate now?OCannot verify certificate chain.  Do you wish to ignore the error and continue?>An error occurred retrieving the pending certificate
from %1: Get Server CA Name	Select CASave certificate and KeysRetrieve CertificateFinish Suspended Setup(The certificate is not a CA certificate.Setup completeRetrieve Pending Certificate	Key IndexLoad Old CertificateClone Root Certificate
Build RequestPARenew CA -- reuse keysInstall CA CertificateRenew CA -- new keysBuild CA CertificateSave Chain and KeysqIf you want to send the request to an offline CA, click Cancel and send the request file at %1 to your parent CA.Create DS CDP object$Create DS enrollment services objectCreate DS Root TrustPublish CA in DSSubmit RequestAn error occurred when creating the new key container "%1". Please make sure the CSP is installed correctly or select another CSP.
:The Certification Authority certificate has a bad length: The new Certification Authority certificate cannot be installed because the CA Version extension is incorrect.  The most recently generated request file should be used to obtain the new certificate: %1|The root certificate is untrusted.  Do you wish to trust the root certificate on this machine and complete the installation?MCannot add the Certification Authority certificate to the certificate store: PASCannot create a certificate context using the Certification Authority certificate: Unreferenced INF sectionsSet SecurityCannot create file %1: lThe existing private key "%1" cannot be deleted. Either reuse this key, or use a different name for the CA.
Cannot encode key attributes: Cannot encode certificate: 2The %SystemRoot% environment variable is not set. This key storage device is full and the new key "%1" could not be added. Go back and pick an existing key, or use a different key storage device.
An error occurred when generating key "%1" for the Active Directory Certificate Services service. Either the CSP configuration is not complete or the key length is not supported. Please make sure the CSP is installed correctly or select another CSP.
$Cannot determine the computer name: An error occurred when setting the security access on the private key "%1", or the CSP selected does not support setting security access on private keys. Please make sure the CSP is installed correctly or select another CSP.
8Cannot decode Certification Authority name information: The parent CA has denied your request because you are not a domain administrator. (%1)
To obtain the certificate for your CA, you must request the certificate as a domain administrator. You can install the certificate using the Certification Authority snap-in.KThe new certificate subject Common Name does not match the active CA name: 
Generate KeysPAAn error was detected while configuring Active Directory Certificate Services.
The Active Directory Certificate Services Setup Wizard will need to be rerun to complete the configuration.
lThe parent CA has denied your request for a CA certificate. Please contact the parent CA administrator.
(%1)|An error occurred when the parent CA processed this CA certificate request. Please contact the parent CA administrator.
(%1)^This CA certificate request did not complete. Please contact the parent CA administrator.
(%1)eThis CA certificate will be issued administratively. Please contact the parent CA administrator.
(%1)eThis CA certificate request is in the pending state. Please contact the parent CA administrator.
(%1)bThis CA certificate was revoked by the parent CA. Please contact the parent CA administrator.
(%1)ECannot set the key provider information for the certificate context: Cannot submit the certificate request to the specified CA. Please ensure that the CA information is correct and that the CA is online. Note: only CAs running the Microsoft Active Directory Certificate Services are supported.
Cannot submit the certificate request to the specified CA. (%1)
To obtain the certificate for your CA, you can install the certificate using the Certification Authority snap-in.The new certificate subject name does not exactly match the active CA name.
Renew with a new key to allow minor subject name changes: The new certificate public key does not match the current outstanding request.
The wrong request may have been used to generate the new certificate: Find certificate for %1CCannot write the Certification Authority certificate to file "%1": Cannot write to file %1: INF file errorSet Key SecurityParent CA = 
Request ID = /Microsoft Active Directory Certificate ServicesSet Directory SecurityAn error occurred when creating the new key container "%1". You do not have write access permission to the key container. Please use a different CA name.
'Dump configuration information or files Get default configuration string3Get default configuration string via ICertGetConfig
CA VersionDecode hexadecimal-encoded fileDecode Base64-encoded fileEncode file to Base64Deny pending requestResubmit pending requestRevoke Certificate%Publish new CRLs [or delta CRLs only]Get CRL'Display current certificate disposition"Set attributes for pending request!Set extension for pending requestRetrieve the CA's certificate#Retrieve the CA's certificate chainUserKeyAndCertFile [CertId]GImport user keys and certificates into server database for key archivalDump Raw DatabaseVerify public/private key set Verify certificate, CRL or chain+Check certificate for 0x7f length encodingsDisplay this usage messageVerbose operation+Use IDispatch instead of COM native methodsReverse Log and Queue columnsOptions:Unrecognized ReasonInFile OutFileO  Column Name                   Localized Name                Type    MaxLengthO  ----------------------------  ----------------------------  ------  ---------	RequestId	RequestIdSerialNumber [Reason][%3 | %1] [%2]OutFile [Index] [%1]SerialNumber | CertHashRequestId AttributeString>RequestId ExtensionName Flags {Long | Date | String | @InFile}OutCACertFile [Index]OutCACertChainFile [Index][KeyContainerName CACertFile]CertFile [ApplicationPolicyList | - [IssuancePolicyList]]
CertFile [CACertFile [CrossedCACertFile]]
CRLFile CACertFile [IssuedCertFile]
CRLFile CACertFile [DeltaCRLFile]CertFile
Out of memoryMissing %ws argUnknown arg: %wsMultiple verb args: %wsMissing argumentToo many argumentsInternal verb table errorUnexpected "-%ws" optionUsage:OptionsVerbs:ObjectId -- ObjectId to display or to add display name
GroupId -- decimal GroupId number for ObjectIds to enumerate
AlgId -- hexadecimal AlgId for ObjectId to look up
AlgorithmName -- Algorithm Name for ObjectId to look up
DisplayName -- Display Name to store in DS
%1 -- delete display name
LanguageId -- Language Id (defaults to current: %2)
Type -- DS object type to create: 1 for Template (default),
        2 for Issuance Policy, 3 for Application Policy
Use %3 to create DS object. -- IndexedInput Length = %dNo Key Authority serial numberOutput Length = %dDecodeFile returned %wsEncodeToFile returned %wsIssuerSubject<ERROR: CA Issuer name does not match Key Authority name (%x))CA Issuer name matches Key Authority namePANo Key Authority name8ERROR: Issuer serial number does not match Key Authority*Issuer serial number matches Key AuthorityIssuer NameKeyAuthority NameKeyId:Key Authority SerialNumber:CA Serial Number:Process:[DomainDN | -]LoadKeys returned %wsLoadCert(CA) returned %ws:ERROR: Certificate public key does NOT match stored keysetContainer Public Key:Certificate Public Key::Key "%ws" verifies as the public key for Certificate "%ws"PAAKey "%ws" does NOT verify as the public key for Certificate "%ws"'Leaf certificate is REVOKED (Reason=%x)@ERROR: Verifying leaf certificate revocation status returned %ws/Cannot check leaf certificate revocation status(Leaf certificate revocation check passedLoadCert(Cert) returned %wsLoadCert(CA) returned %wsCertIssuing CA CertCert Serial Number:Issuing CA Cert Serial Number:<Issuing CA is not a root: Subject name does not match Issuer9ERROR: Issuing CA Subject name does not match Cert Issuer+Issuing CA Subject name matches Cert Issuer3CertVerifySubjectCertificateContext Flags = %x --> )ERROR: Certificate validation failure: %xPA;ERROR: CA did not issue Certificate: Signature check failedERROR: Certificate has expiredCertificate is current3Contains CRL_DIST_POINTS revocation-check extension;Contains NETSCAPE_REVOCATION_URL revocation-check extension-Certificate has no revocation-check extension%ws verifies as issued by %ws#%ws does NOT verify (issued by %ws) -- Revocation check skipped. -- Revocation check passed. -- Revocation check: REVOKED. -- Revocation check FAILED.Signature matches Public KeyCRL Entries:Cert:???PASuspect length in : field=%ws	, oid=%ws*Extension %d: oid="%hs" fcrit=%u length=%x'Signature does not match Public key: %xCannot decode object: %wsAlgorithm ObjectIdAlgorithm Parameters:NULLPublic Key: UnusedBits = %uChallengeString: "%ws"Config String: "%ws"#ICertGetConfig Config String: "%ws"-Certificate request is pending: RequestId: %uCertificate issued.7Certificate has not been issued: Disposition: %d -- %ws,Certificate disposition for "%ws" is invalid*Certificate disposition for "%ws" is valid2Certificate disposition for "%ws" is revoked (%ws)DateLongStringBinarySchema:Row %u:Opening Database %wsEMPTYerror = %ws, 
Any FormatPKCS10
KeyGen TagPKCS7Unknown
Force TeletexRenewalCriticalDisabledPolicyFlags=%xRequestPolicyAdminServerUNKNOWN
Origin=%ws???=%x!Get configuration via ICertConfigRequest Properties:PACertificate Properties:Command LineSanitized Name:%ws: Flags = %x%ws, Length = %x&Expected at least %u args, received %u*Expected no more than %u args, received %u.No active Certification Authorities found: %ws%ws: -%ws command FAILED: %ws???NoneOtherIssuer	IssuerRDNIssuerRDNAttributeIssuerRDNStringSubjectPA
SubjectRDNSubjectRDNAttributeSubjectRDNString
ExtensionsExtensionArray	ExtensionExtensionValueExtensionValueRawNo key provider informationDump Certificate View%ws added to DS store.<Ping Active Directory Certificate Services Request interface:Ping Active Directory Certificate Services Admin interfaceName:Organizational Unit:
Organization:PA	Locality:State:Country/region:Config:Exchange Certificate:Signature Certificate:Description:Server:
Authority:EntryCertificate Extensions:Request Attributes:.Shutdown Active Directory Certificate ServicesCommand StatusDump Certificate SchemaCommand SucceededPasswordX509 Certificate:!X509 Certificate Revocation List:PKCS10 Certificate Request:KeyGen Certificate Request:Version: %uSerial Number:Signature Algorithm:Public Key Algorithm:Issuer Unique Id:Subject Unique Id:
NotBefore:	NotAfter:ThisUpdate:NextUpdate:Revocation Date:Extensions:CRL Extensions:PKCS7 Message:PPossible Root Certificate: Subject matches Issuer, but Signature check fails: %xNon-root Certificate(Root Certificate: Subject matches Issuer3Non-root Certificate uses same Public Key as IssuerRevoking "%ws"Enter PFX password:Unknown Extension typePrivate Key:LengthDisplay times as GMTGMTBackupDirectoryHBackup Active Directory Certificate Services certificate and private keyBackupDirectory | PFXFileIRestore Active Directory Certificate Services certificate and private key,[CertificateStoreName [CertId [OutputFile]]]Dump certificate storeProviderType = %xKey Container = %wsProvider = %wsKeySpec = %x
Flags = %x4Restored keys and certificates for %ws\%ws from %ws.3Backed up keys and certificates for %ws\%ws to %ws.[CACertFile]+Install Certification Authority certificatePKCS7 Message Content:Authenticated AttributesSigning Certificate IndexPA8================ Begin Nesting Level %d ================8----------------  End Nesting Level %d  ----------------%ws: Lang %08x (%u.%u)  File %u.%u:%u.%u  Product %u.%u:%u.%u
	No SignerNo PKCS7 Message ContentNo CertificatesNo CRLs
Certificates:CRLs:Renewal Certificate:Encrypted Hash:  %d attributes:	Attribute    Value[%d][%d]:PABackupDirectory [%1] [%2]5Backup Active Directory Certificate Services databaseBackupDirectory6Restore Active Directory Certificate Services databaseReason: UnspecifiedReason: Key CompromiseReason: CA CompromiseReason: Affiliation ChangedReason: SupersededReason: Cessation of OperationReason: Certificate HoldReason: Remove From CRL#List CSPs installed on this machine#Test CSPs installed on this machine[Algorithm](Use silent flag to acquire crypt contextG%1 -- Request queue
%2 -- Issued or revoked certificates, plus failed requests
%3 -- Failed requests
%4 -- Revoked certificates
%5 -- Extension table
%6 -- Attribute table
%7 -- CRL table
%8 -- Output as Comma Separated Values

To display the StatusCode column for all entries:
    -out StatusCode
To display all columns for the last entry:
    -restrict "RequestId==$"
To display RequestId and Disposition for three requests:
    -restrict "RequestId>=37,RequestId<40" -out "RequestId,Disposition"

To display Row Ids and CRL Numbers for all Base CRLs:
    -restrict "CRLMinBase=0" -out "CRLRowId,CRLNumber" %7
To display Base CRL Number 3:
    -v -restrict "CRLMinBase=0,CRLNumber=3" -out "CRLRawCRL" %7
To display the entire CRL table:
    %7
Use "Date[+|-%10]" for date restrictions
Use "%9+%10" for a date relative to the current time![ObjectId | %1 | %2 [CommonName]]ActivePendingIssuedRevokedErrorDeniedRenewal Cert[Stop and Start Active Directory Certificate Services to complete database restore from %ws.'Server ICertAdmin%ws interface is alive@Cannot open Active Directory Certificate Services database: %ws.OThe Certification Authority service must be stopped for direct database access.(Local)9%ws: No local Certification Authority; use -config optionReason: UnrevokejThis might be caused by:
	Inaccessible server
	No permissions on server
	Server not in the expected state
/Server "%ws" ICertRequest%ws interface is aliveConnecting to %ws .../Use HKEY_CURRENT_USER keys or certificate store0================ Certificate %d ================Enter new password:Confirm new password:$Password differs -- please try againMissing stored keysetBackupDirectory [%1] [%2],Backup Active Directory Certificate ServicesBackupDirectory-Restore Active Directory Certificate ServicesCertificateStoreName InFileAdd certificate to storeCertificateStoreName CertIdDelete certificate from storeCertificateStoreName [CertId]Verify certificate in storeDeleting Certificate %dVerifies against UNTRUSTED rootIncomplete certificate chainCertificate is valid
IncompleteErrorDeniedIssuedIssued Out of BandPendingRevoked(Certificate request for "%ws" is pendingPA3Cannot add a non-root certificate to the root storeForce overwrite>Certificate or key exists.  Use the "%ws" option to overwrite.$Incremental database backup for %ws.Full database backup for %ws.Backed up database to %ws.Database logs were preserved.%Database logs successfully truncated.Restoring database for %ws.Unknown Attribute typeXObjectId [DisplayName | %1 [LanguageId [Type]]]
GroupId 
AlgId | AlgorithmName [GroupId]$Display ObjectId or set display nameUnknown ObjectId
Certfile [%1]+Import a certificate file into the database,Imported Certificate, Assigned RequestId %i.*Revocation check skipped -- server offline?Revocation check skipped -- no revocation information availableDisplay dynamic file List4[{%1|%2|%3|%4|%5|%6|%7|%8}\[%9\]][RegistryValueName]Display registry value8[{%1|%2|%3|%4|%5|%6|%7|%8}\[%9\]]RegistryValueName ValueSet registry value
Old Value:
New Value:AltName: %u entries:AltNameDisplay database locations)Not a valid backup target directory: %ws."Not a valid backup directory: %ws.(Backup content verification failed: %ws.%Incremental database restore for %ws.PAFull database restore for %ws.
Imported CertERROR: Cert is not yet validERROR: Cert has expired.ERROR: Cert Valid before issuing CA Cert Valid1ERROR: Cert Expires after issuing CA Cert Expires=Decoded extra Extension Array encoding layer (Teletex string)	ErrorCodeDisplay error code message text/Create/delete web virtual roots and file sharesWeb Virtual Root %wsFile Share %wsCreatedDeletedAlready Exists	Not FoundCreate ErrorDelete ErrorNot Supported. The virtual directory cannot be created because the "IIS 6 Metabase Compatibility" role service is not installed. Install the "IIS 6 Metabase Compatibility" role service and run the command again.[%1]Backing up Database filesBacking up Log filesTruncating LogsRestoring Database filesRestoring Log filesMaximum Row IndexCA Cert
CA Cert Chain
Characters	OVERFLOW:Repeated "-%ws" option)Config string must include Authority namePA"CertFile -- certificate file to publish
%1 -- Publish cert to DS Enterprise store
%2 -- Publish cert to DS Trusted Root store
%3 -- Publish CA cert to DS CA object
%4 -- Publish cross cert to DS CA object
%5 -- Publish cert to DS Key Recovery Agent object
%6 -- Publish cert to User DS object
%7 -- Publish cert to Machine DS object
CRLFile -- CRL file to publish
DSCDPContainer -- DS CDP container CN, usually the CA machine name
DSCDPCN -- DS CDP object CN, usually based on the sanitized CA short name and key index
Use %8 to create DS object.3Ensure the server is correctly installed and retry.)Connecting to data source %hs as user %hs,Failed to connect to data source 0x%08x (%d)Converted %u rows2Skipped %u rows that already exist in new Database:Skipped %u rows not issued by this Certification AuthorityConverting Row %u/Row %u -- Skipping duplicate Serial Number: %wsHRow %u -- Skipping entry not issued by this Certification Authority: %ws)Converting source row %u to target row %u#Begin names table entries for %u.%u!End names table entries for %u.%u
Get SMTP info	LogonName
Set SMTP infoPA%u RowsRow PropertiesRequest AttributesCertificate ExtensionsTotal Fields6%4u %ws, Total Size = %u, Max Size = %u, Ave Size = %uPrivate key is NOT exportableEnterprise Root CAEnterprise Subordinate CAStand-alone Root CAStand-alone Subordinate CAUnknown CA Type: %u[%1] [Machine\ParentCAName])Renew Certification Authority certificateCert Hash(%ws):Error message text: %wsPA(================ CRL %d ================Deleting CRL %dCA Certs: %uKeys:Values:Load(CRL) returned %wsCRLERROR: CRL is not yet validERROR: CRL has expired-ERROR: CRL Valid before issuing CA Cert Valid0ERROR: CRL Expires after issuing CA Cert Expires8ERROR: Issuing CA Subject name does not match CRL Issuer*Issuing CA Subject name matches CRL Issuer3ERROR: CA did not issue CRL: Signature check failedCRL signature is validCA Key Id matches Key IdPA&ERROR: CA Key Id does not match Key Id	No Key Id
IncompleteUnavailableError: No CRL for this CertRevokedValidExpiredUnder SubmissionUnknown[KeyContainerName | -]List key containersKeyContainerNameDelete named key containerCertificate is REVOKEDCA cert verify statusPAFlags:8ERROR: Certificate public key does NOT match private keySignature test passedSignature test FAILEDDisplay DS Certificates[FullDSDN] | [CertId [OutFile]]Display DS CRLs![FullDSDN] | [CRLIndex [OutFile]][CN]Display DS DNsCN
Delete DS DNsDeleting[InfoName [Index | ErrorCode]]Display CA InformationInfoName argument syntax:	ErrorCode[Index]Force UTF-8Signature: UnusedBits=%uShort Name:Sanitized Short Name:SMIME Capabilities:
Request File:PKCS7 AttributeNo SignatureCertificate Sequence:Cannot find certificate:Valid Encrypted Key Hash[%1 | %2 | %3]'[%1 | %2 | %3 | %4 | %5 | %6 | %7] [%8]![FullDSDN] | [CRLIndex [OutFile]]PADisplay DS Delta CRLs+Display times with seconds and milliseconds2ERROR: CA Cert has no Basic Constraints2 Extension9ERROR: Cannot decode CA Cert Basic Constraints2 Extension+ERROR: CA Cert is an End Entity certificateCert is a CA certificate!Cert is an End Entity certificateElement %u:CMCCertificate is NOT valid: %wsEncryption test passedEncryption test FAILEDUse V1 interfacesFile versionProduct versionExit module countPAExit module descriptionPolicy module descriptionCA nameSanitized CA name
Shared folderCA type	Parent CA
CA cert countCA cert
CA cert chainCA exchange cert countCA exchange certCA exchange cert chainBase CRL	Delta CRLCA certCRLCA info$Display CA Property Type Information!Use ICertAdmin2 for CA PropertiesMaximum CA PropId(Select a certificate from a selection UICertificate ListList certificatesList certificates for ObjectId3List Enrollment Registration Authority certificates$List Key Recovery Agent certificatesKey Id Hash(%ws):CMS Certificate Request:
CMS Response:Tagged Attributes:Tagged Content Info:Tagged Requests:Tagged Other Messages:UNKNOWN Request Choice
Body Part Id:Cannot load key: %wsExpired certificateUnauthenticated AttributesContent TypeData ReferenceCert ReferenceValueUNKNOWN Tagged AttributeSigner CountSigner InfoHash Algorithm:Encrypted Hash Algorithm:Stored Hash%ws:Computed Hash%ws:
CMC Attribute%Exchange Authority Information AccessExchange VersionInFile [HashAlgorithm]3Generate and display cryptographic hash over a file%ws hash of file %ws:CA Key Exchange CertificatePassNo RecipientRecipient CountRecipient InfoDNS Name!SearchToken [RecoveryBlobOutFile]+Retrieve archived private key recovery blob0RecoveryBlobInFile [PFXOutFile [RecipientIndex]]Recover archived private key
FileDecrypted PKCS7 Message ContentCannot decrypt message content.LKey recovery requires one of the following certificates and its private key:User Certificate:Algorithm ClassAlgorithm TypeAlgorithm Sub-idCMC Status InfoBody Part Id Reference
Status StringOther Info Choice	Fail InfoPend Token:	Pend TimeNCertFile [%1 | %2 | %3 | %4 | %5 | %6 | %7]
CRLFile [DSCDPContainer [DSCDPCN]].Publish certificate or CRL to Active Directory1Could not load Certificate or CRL from file (%ws)UserAuthenticated SessionSmartcard Logon	Basic EFS
AdministratorEFS Recovery AgentCode SigningTrust List SigningComputerDomain Controller
Web ServerKDCRoot Certification Authority#Subordinate Certification AuthorityEnrollment AgentSmartcard UserUser Signature OnlydThe value for the following key is incorrect in the INF file. It should be a non-zero numeric value.IPSecmThe value for RenewalValidityPeriodUnits is incorrect in CAPolicy.inf. It should be a non-zero numeric value.IPSec (Offline request)The value for RenewalValidityPeriod is incorrect in CAPolicy.inf. It should be one of the following: Years, Months, Weeks or Days (in English).Router (Offline request)reqOpen Request FileRequest Files (*.req; *.txt; *.cmc; *.der)|*.req;*.txt;*.cmc;*.der|Certificate Files(*.cer; *.crt; *.der)|*.cer;*.crt;*.der|All Files (*.*)|*.*||Please enter a computer name.7Please make sure there is a running CA on the computer.There is no matched CA on the computer. This might be caused by the computer being offline. Please contact the system adminstrator or select a different CA.@Cannot ping the selected CA. Please make sure the CA is running.+Exchange Enrollment Agent (Offline request)
Exchange UserExchange Signature OnlydThere are no published CAs available. Please contact the system adminstrator or select a CA by name.Enrollment Agent (Computer)Save Request FileCEP EncryptionBuilt PolicyPolicy ElementPolicy Statement Extension!Policy inf missing section or keyOpened Policy infCannot open Policy infBeginEnd	Manage CAIssue and Manage CertificatesManage Audit LogsBackup and RestoreReadRequest CertificatesPAClosed Policy infMessage BoxThe value for RenewalValidityPeriod is incorrect in unattended answer file. It should be one of the following: Years, Months, Weeks or Days (in English).Key Recovery AgentCA Exchange Cross Certification Authority Domain Controller AuthenticationDirectory Email Replication/
You have configured this Web client to forward requests to an enterprise CA. If the CA is using the enterprise default policy module, this computer must have delegation enabled and use Kerberos authentication. To enable delegation, see 'Allow computer accounts to be trusted for delegation' help topic.KThe Web client cannot be configured to forward requests to the selected CA.sThe value for the following key is incorrect in the INF file. It should be a boolean value (Yes/No/True/False/0/1).Workstation AuthenticationRAS and IAS Server
Low AssuranceMedium AssuranceHigh AssuranceOCSP Response SigningKerberos AuthenticationPAKey recovery agentDirectory e-mail replication'Cross-certified certification authorityCertification authority (CA)ComputerUserUnknownActive Directory KRAActive Directory AIABytes%ws already in DS store.CertificateSubject Key Id (%ws):precomputedCannot open Cert store.NCannot open existing Cert store.  Use %ws switch to force Cert store creation.JCertificateStoreName CertIdList [PropertyInfFile | SDDLSecurityDescriptor]RRepair key association or update certificate properties or key security descriptor
%d bit keyDelete registry value Cannot verify detached signature1[CertificateStoreName] CertId PFXFile [Modifiers]"Export certificate and private keyPFXFile [Modifiers]"Import certificate and private key
[Template]Display DS Template AttributesTemplateInfFileAdd DS TemplatesCreated DS TemplateUpdated DS Template)%ws: -%ws command completed successfully.DThe %ws service may need to be restarted for changes to take effect.
[Template]#Display Enrollment Policy templatesTemplateDisplay CAs for template
[Template]Display templates for CADisplay user templatesDisplay machine templatesTemplate Extensions:'Enter new password for output file %ws:Enter password for %ws:!Encode text without CR charactersInFile OutFile [type]Encode file in hexadecimalEmbedded ASN.1 Element:0Split embedded ASN.1 elements, and save to files7Use local machine Enterprise registry certificate storeNo root certificates found.Invalidity DateQuerying %wsRole SeparationVerified Issuance PoliciesVerified Application Policies[URL | %1 | %2 [%3]]#Display or delete URL cache entriesKRA cert countKRA cert used countKRA certInvalid ObjectId or AlgorithmPKCS7/CMS Message:No display names
Type mismatchLocalized nameCSP Provider InfoInFileList|SerialNumber|%1 OutFileList [StartDate+%9] [+SerialNumberList | -SerialNumberList | -ObjectIdList | @ExtensionFile]
InFileList|SerialNumber|%1 OutFileList [#HashAlgorithm] [+%6 | -%6]Re-sign CRL or certificateSigning certificate Subject%RowId | Date [%1 | %2 | %3 | %4 | %5]Delete server database rowRows deleted: %uPAPOne of the following tables must be specified when deleting rows older than %ws:(The date specified is in the future: %wsCRL Hash(%ws):Include CRLs
Full ResponseCA cert chain with CRLs CA exchange cert chain with CRLsPulse autoenrollment eventsDomainName\MachineName$3Display Active Directory machine object information%Machine object missing %ws attribute.Group Memberships:[%1 | %2 | %3]%Display domain controller informationEnterprise Root store: %wsKDC certificates: %wsDC UNAVAILABLE: %ws*** Testing DC[%u]: %ws*** Enterprise Root Certificates for DC %ws** KDC Certificates for DC %wsUnknown PropertyTemplatePublic Key Length: %u bitsAdvanced ServerCRL Publish StatusDelta CRL Publish Status	TemplatesParameter = %xParameter Flags = %x	Archived!DomainName\MachineName$Display enterprise informationDisplay CA informationDSS Key Length: %u bits(================ CTL %d ================
Client Id:User:Machine:Certificate Trust List:List Identifier:Sequence Number:Subject Algorithm:CTL Entries:Usage Entries:Subject Identifier%ws:View Certificate StoreSelect CertificateSelect Certificate to DeletePASaved certificate %wsDeleted certificate %wsEnroll-on-Behalf-of[ReaderName [%1]]Display smart card informationService is paused.Service is stopped.Service is in an unknown state.5The Microsoft Smart Card Resource Manager is running.9The Microsoft Smart Card Resource Manager is not running.0Found AT_SIGNATURE key but no AT_KEYEXCHANGE key Server could not be reached: %wsSelect Decryption CertificateForeign CertKRA CertUPN:PASubject Unmodified
Publish ErrorNULL signature verifiesSource Url Name:Local File Name:
Use Count: %dHit Rate: %d
File Size: %dLast Modified Time:Expire Time:Last Access Time:Last Sync Time:6Error: Check machine name.  Should be domain\computer$#%ws is missing trailing $, correct?Issuer Domain Policy = Subject Domain Policy = PAMap[%u]:Cert Type not DC: %wsCert Usage missing %wsDeleted KDC certificate!+CertDeleteCertificateFromStore failed! - %x%u KDC certs for %wsNo KDC Certificate in MY storeNo certs in Ent Root store!-CertOpenStore on remote My store failed! - %x%Error Getting Archived Prop bit! - %x++ Archived Certificate +++No Autoenrolled Certificates in MY store!!!,CertOpenStore on remote ent store failed! %xNo Autoenrollment Objects!!!
No Access!*Retrieve and verify AIA Certs and CDP CRLsfDefaults to Request and Certificate table
%1 -- Extension table
%2 -- Attribute table
%3 -- CRL table
$CA Registry Validity Period: %ws %ws Supported Certificate Templates:$No supported Certificate Templates::$CA Name property fetching failed! %xCA Name: %ws%DNS Name property fetching failed! %xMachine Name: %wsDS Location: %ws$Cert DN property fetching failed! %xCert DN: %ws$Sig Alg property fetching failed! %xSupported signature algs: %ws %No signature algs on DS! <Unexpected> No Certificate types for this CA2No certificate type returned, although one exists!PANo CA's listed in the domain. The configuration might be stored in the root domain. Use the -dc option to target your root domain controller for the information.Cannot access DFS shareDFS Data is accessible No entries found in Ping Search! No DSPath for Policy [non-fatal]!RegQueryValue (DSPATH) failed! %x%No FileSysPath for Policy [non-fatal]Done. ldap search (%ws) found 0 items!2=========== Root Certs in policy =================Certificate %u:.No Root Certificates in Policy on this machine#Check event log for UserEnv errors!)====  Policies Processed for MACHINE  ===)====  Policies Processed for USER     ===?Possibly No Policies applied. See Event Log for Userenv errors!#Target a specific Domain ControllerDCName
Display Name:Computer Name: %wsUser Name: %ws
bad option ++++++++  MACHINE: %ws  ++++++++### Key:
GPO Name: %ws$Signature matches request Public Key
ColumnListComma separated Column ListRestrictionList Comma separated Restriction ListMachine\CANameCA and Machine name stringPA"Display a verb list (command list)$Display help text for the "%ws" verb#Display all help text for all verbsImported foreign certificateImported certificateCertificate already importedArchived key updatedArchived keyKey already archivedIgnored signing certificateUsersIgnored signature certificatesCertificates with keysForeign certificates importedCertificates already importedCertificates importedCertificates not importedKeysKeys already archivedKeys updated
Keys archivedKeys not archivedMerge PFX filesPFXInFileList PFXOutFileOnlineOFFLINEPrevious CA Cert HashMessage DigestArchived Key Cert HashIssued Cert HashEncrypted Key Hash
CRL NumberPAMinimum Base CRL NumberVirtual Base CRL NumberCRL Next PublishSigning Time
Delta CRL CDPCRL Self CDPApplication PoliciesApplication Policy MappingsApplication Policy ConstraintsPolicy MappingsPolicy ConstraintsCounter Signature%u Machine certs (%u archived)for %wsV1 Autoenrollment Objects:Skipping CSP at index %uPAProvider Name:Provider Type:Private key verifiesProcessing KMS exports from:User:Encrypted key:Decrypted key:Failed to import symmetric key5Lock box opened, symmetric key successfully decrypted(Moved AT_SIGNATURE key to AT_KEYEXCHANGEValidated Cert Types	Cert Type==== %u CAs on %ws Domain ====)CACountCAs inconsistent with CAEnumNextCACached LDAP DCCurrent reader/card status:PA,SCardEstablishContext failed for user scope.2A list of smart card readers cannot be determined.-SCardListReaders failed for SCARD_ALL_READERS.No smart card readers are currently available.5A list of smart card readers could not be determined.Readers:--- Reader:--- Status:No card.+The card is unrecognized or not responding..Card is in use exclusively by another process.&The card is being shared by a process.The card is available for use.Card/Reader not responding.---   Card:
Unknown Card.*Performing %ws public key matching test...$%ws succeeded but returned zero size&Public key from KeyProvInfo container:Public key from Cert:"Public key matching test succeededChain on smart card is invalidChain validatesNo %ws key for reader:#Cannot open the %ws key for reader:!No %ws cert retrieved for reader:%Performing cert chain verification...Displayed %ws cert for reader:Analyzing card in reader:%Cannot retrieve Provider Name for %ws%1 -- Failed and pending requests (submission date)
%2 -- Expired and revoked certificates (expiration date)
%3 -- Extension table
%4 -- Attribute table
%5 -- CRL table (expiration date)

To delete failed and pending requests submitted by January 22, 2001:
    1/22/2001 %1
To delete all certificates that expired by January 22, 2001:
    1/22/2001 %2
To delete the certificate row, attributes and extensions for RequestId 37:
    37
To delete CRLs that expired by January 22, 2001:
    1/22/2001 %5AllPANoneSelect Certificate or CRL/Certificate Files|*.cer;*.crt|CRL Files|*.crl||cerConvert PFX files to EPF file6PFXInFileList EPFOutFile [%1 | %2] [V3CACertId][,Salt]FERROR: Could not find a matching user or computer in Active Directory.KMS CA Certificate ListSelect KMS CA certificateRequestId -- numeric Request Id of a pending request
ExtensionName -- ObjectId string of the extension
Flags -- 0 is recommended.  1 makes the extension critical,
2 disables it, 3 does both.
If the last parameter is numeric, it is taken as a Long.
If it can be parsed as a date, it is taken as a Date.
If it starts with '@', the rest of the token is the filename containing binary data or an ascii-text hex dump.
Anything else is taken as a String.3InFileList -- comma separated list of Certificate or CRL files to modify
         and re-sign
SerialNumber -- Serial number of certificate to create
         Validity period and other options must not be present
%1 -- Create an empty CRL
         Validity period and other options must not be present
OutFileList -- comma separated list of modified Certificate or CRL output
         files.  The number of files must match InFileList.
StartDate+%9 -- new validity period: optional date plus
         optional days and hours validity period
         If both are specified, use a plus sign (+) separator
         Use "%7[+%9]" to start at the current time
         Use "%8" to have no expiration date (for CRLs only)
SerialNumberList -- comma separated serial number list to add or remove
ObjectIdList -- comma separated extension ObjectId list to remove
@ExtensionFile -- INF file containing extensions to update or remove:
        %2
        %3 Remove CRL Distribution Points extension
        %4 Update Key Usage extension
        %5
HashAlgorithm -- Name of the hash algorithm precded by a # sign
%6 -- alternate Signature algorithm specifier

 
A minus sign causes serial numbers and extensions to be removed.
A plus sign causes serial numbers to be added to a CRL.
When removing items from a CRL, the list may contain both serial numbers
and ObjectIds. 
A minus sign before %6 causes the legacy signature format to be used. 
A plus sign before %6 causes the alternature signature format to be used. 
If %6 is not specifed then the signature format in the certificate or CRL is used. InfoName -- indicates the CA property to display (see below)
        Use "*" for all properties
Index -- optional zero-based property index
ErrorCode -- numeric error code%1 -- Use CA's registry key
%2 -- Use CA's restore registry key
%3 -- Use policy module's registry key
%4 -- Use first exit module's registry key
%5 -- Use template registry key (use -user for user templates)
%6 -- Use enrollment registry key (use -user for user context)
%7 -- Use chain configuration registry key
%8 -- Use Policy Servers registry key
%9 -- Use policy or exit module's ProgId (registry subkey name)

RegistryValueName -- registry value name (use "Name*" to prefix match)
Value -- new numeric, string or date registry value or filename.
    If a numeric value starts with "+" or "-", the bits specified
    in the new value are set or cleared in the existing registry value.

    If a string value starts with "+" or "-", and the existing value
    is a REG_MULTI_SZ value, the string is added to or removed from
    the existing registry value.
    To force creation of a REG_MULTI_SZ value, add a "\n" to the end
    of the string value.

    If the value starts with "@", the rest of the value is the name
    of the file containing the hexadecimal text representation
    of a binary value.
    If it does not refer to a valid file, it is instead parsed as
    [Date][+|-][%11] -- an optional date plus or minus optional
    days and hours.
    If both are specified, use a plus sign (+) or minus sign (-) separator.
    Use "%10+%11" for a date relative to the current time.

Use "%7\%12 @%10" to effectively flush cached CRLs.%3 -- new CRL validity period in days and hours
%1 -- republish most recent CRLs
%2 -- delta CRLs only (default is base and delta CRLs)fIndex -- CRL index or key index (defaults to CRL for newest key)
%1 -- delta CRL (default is base CRL)CertFile -- Certificate to verify
ApplicationPolicyList -- optional comma separated list of required
        Application Policy ObjectIds
IssuancePolicyList -- optional comma separated list of required Issuance
        Policy ObjectIds

CACertFile -- optional issuing CA certificate to verify against
CrossedCACertFile -- optional certificate cross-certified by CertFile

CRLFile -- CRL to verify
IssuedCertFile -- optional issued certificate covered by CRLFile
DeltaCRLFile -- optional delta CRL

If ApplicationPolicyList is specified, chain building is restricted to
        chains valid for the specified Application Policies.
If IssuancePolicyList is specified, chain building is restricted to chains
        valid for the specified Issuance Policies.

If CACertFile is specified, fields in CACertFile are verified against
        CertFile or CRLFile.
If CACertFile is not specified, CertFile is used to build and verify a full
        chain.
If CACertFile and CrossedCACertFile are both specified, fields in
        CACertFile and CrossedCACertFile are verified against CertFile.

If IssuedCertFile is specified, fields in IssuedCertFile are verified
        against CRLFile.
If DeltaCRLFile is specified, fields in DeltaCRLFile are verified against
        CRLFile.PASKeyContainerName -- key container name of the key to verify
        Defaults to machine keys.  Use -user for user keys
CACertFile -- signing or encryption certificate file
If no arguments are specified, each signing CA cert is verified against its
        private key.
This operation can only be performed against a local CA or local keys.CertificateStoreName -- Certificate store name.  Examples:
        "%1", "%2" (default), "%3",

        "%10" (View Root Certificates)

        "%11" (Modify Root Certificates)

        "%12" (View CRLs)

        "%13" (Enterprise CA Certificates)
        %16 (AD machine object certificates)
        %5 %16 (AD user object certificates)

CertId -- Certificate or CRL match token.  This can be a serial number,
        an SHA-1 certificate, CRL, CTL or public key hash,
        a numeric cert index (0, 1, etc.),
        a numeric CRL index (.0, .1, etc.),
        a numeric CTL index (..0, ..1, etc.),
        a public key, signature or extension ObjectId,
        a certificate subject Common Name,
        an e-mail address, UPN or DNS name,
        a key container name or CSP name,
        a template name or ObjectId,
        an EKU or Application Policies ObjectId,
        or a CRL issuer Common Name.
        Many of the above may result in multiple matches.
OutputFile -- file to save matching cert
Use %5 to access a user store instead of a machine store.
Use %4 to access a machine enterprise store.
Use %14 to access a machine service store.
Use %15 to access a machine group policy store.

Examples:
%6
%7
%8
%9oCertificateStoreName -- Certificate store name.  See -store.
InFile -- Certificate or CRL file to add to store.sCertificateStoreName -- Certificate store name.  See -store.
CertId -- Certificate or CRL match token.  See -store.BackupDirectory -- directory to store backed up data
%1 -- perform incremental backup only (default is full backup)
%2 -- preserve database log files (default is to truncate log files)BackupDirectory -- directory to store backed up database files
%1 -- perform incremental backup only (default is full backup)
%2 -- preserve database log files (default is to truncate log files)8BackupDirectory -- directory to store backed up PFX file;BackupDirectory -- directory containing data to be restoredEBackupDirectory -- directory containing database files to be restoredbBackupDirectory -- directory containing PFX file to be restored
PFXFile -- PFX file to be restoredfCertificateStoreName -- Certificate store name.  See -store.
CertId -- Certificate or CRL match token.  See -store.
PFXFile -- exported PFX data output file
Modifiers -- Comma separated list of one or more of the following:
        %5 -- Do not export the certificate chain
        %6 -- Do not export the root certificate
Defaults to personal machine store.PFXFile -- PFX or EPF file to be imported
Modifiers -- Comma separated list of one or more of the following:
        %1 -- Change the KeySpec to Signature
        %2 -- Change the KeySpec to Key Exchange
        %3 -- Make the private key non-exportable
        %4 -- Do not import the certificate
        %5 -- Do not import the certificate chain
        %6 -- Do not import the root certificate
        %7 -- Protect keys with password
        %8 -- Do not password protect keys
Defaults to personal machine store.oUserKeyAndCertFile -- Data file containing user private keys and
certificates to be archived.  This can be any of the following:
        Exchange Key Management Server (KMS) export file
        PFX file
        Outlook key export (EPF) file
CertId -- KMS export file decryption certificate match token.  See -store.
Use %1 to import certificates not issued by the CA.sPFXInFileList -- Comma separated PFX input file list
PFXOutFile -- PFX output file
The password specified on the command line is a comma separated password
list.  If more than one password is specified, the last password is used
for the output file.  If only one password is provided or if the last
password is "*", the user will be prompted for the output file password. PFXInFileList -- Comma separated PFX input file list
EPF -- EPF output file
%1 -- Use CAST 64 encryption
%2 -- Use CAST 64 encryption (export)
V3CACertId -- V3 CA Certificate match token.  See -store CertId description.
Salt -- EPF output file salt string
The password specified on the command line is a comma separated password
list.  If more than one password is specified, the last password is used
for the output file.  If only one password is provided or if the last
password is "*", the user will be prompted for the output file password.WRequestId -- numeric Request Id of pending request
AttributeString -- Request Attribute name and value pairs
        Names and values are colon separated.
        Multiple name, value pairs are newline separated.
        Example: "CertificateTemplate:User\nEMail:User@Domain.com"
        Each "\n" sequence is converted to a newline separator.PASerialNumber -- Comma separated list of certificate serial numbers to revoke
Reason -- numeric or symbolic revocation reason:
        0: %1 -- Unspecified (default)
        1: %2 -- Key Compromise
        2: %3 -- CA Compromise
        3: %4 -- Affiliation Changed
        4: %5 -- Superseded
        5: %6 -- Cessation of Operation
        6: %7 -- Certificate Hold
        8: %8 -- Remove From CRL
        -1: %9 -- UnrevokeUse %1 to import the certificate in place of a pending request for the same key. 
Use %2 to import certificates not issued by the CA.
The CA may also need to be configured to support foreign certificate import:
     %3\OutCACertFile -- output file
Index -- CA certificate renewal index (defaults to most recent)aOutCACertChainFile -- output file
Index -- CA certificate renewal index (defaults to most recent)LUse %2 to ignore an outstanding renewal request, and generate a new request.Verify Certificate or CRL URLsInFile | URL#Certificate "%ws" already in store.!Certificate "%ws" added to store.CRL "%ws" already in store.CRL "%ws" added to store.CTL %ws already in store.CTL %ws added to store.KMS V1 CA Certificate ListSelect KMS V1 CA certificateError message textPA!Error message text and error code
RetrievingSuccessFailed	VerifyingVerify FailureNo URLsErrorExpiredWrong IssuerRevokedRevocation Check FailedNo CRLOKCDPAIABase CRL	Delta CRLCertificateNoneStatusTypeUrlRetrieval TimeGetObjectUrlCertificate SubjectBase CRL IssuerDelta CRL IssuerNo SelectionNo Certificate Selected%Error Opening Certificate or CRL FileSelect Certificate or CRLError InformationError retrieving URL: %wsNo URLs found: %wsoCannot find KMS CA certificate required to construct the EPF file.
Enroll a client in the same KMS and use Outlook to save the user keys
to an EPF file.  Take the EPF file to the current machine and use certutil
to dump the EPF file.  This will import the needed KMS CA certificates into
the local machine cert store, making them available to construct new EPF files.SearchToken -- Used to select the keys and certificates to be recovered.
        Can be any of the following:
        Certificate Common Name
        Certificate Serial Number
        Certificate SHA-1 hash
        Requester Name (domain\user)
        UPN (user@domain)
RecoveryBlobOutFile -- output file containing a certificate chain and an
        associated private key, still encrypted to one or more Key Recovery
        Agent certificates.%ws deleted from DS store.Forward cross certBackward cross certForward cross certBackward cross certKRA cert	Not foundInvalid	Untrusted
Not loaded
CA cross certSystem default Language Id:!Version %u certificates and keys:Use old PFX encryptionCertificate signature is validKey usage countDisabled
Not supportedCA cert version!Enabled Active Server Pages (ASP))Active Server Pages (ASP) already enabled(Error enabling Active Server Pages (ASP)MISSING!!Sanitized CA short name (DS name)!WinINet Cache entries deleted: %uWinINet Cache entries: %u	PermittedExcluded
IP AddressMaskURL -- cached URL
%1 -- operate on all cached CRL URLs only
%2 -- operate on all cached URLs
%3 -- delete relevant URLs from the current user's local cache
Use %4 to force fetching a specific URL and updating the cache.SubtreeRelated Certificates:
Related CRLs:Exact match:Protect keys with passwordSet templates for CA[+ | -]TemplateListAddingRemovingAlready presentNot present"KMS export file signature verifiesAutoEnroll Property	RequestId	Authority
Friendly NameToken matchBad Asn length encodingAsn encoding: %x extra bytes$%ws key verifies against certificate"%ws key does not match certificateExpectedPublic key:Cert Public key:certsSigningExchange LoadCert(CACrossed) returned %wsCrossed CA CertCrossed CA Cert Serial Number:,Crossed CA Subject name matches Cert Subject:ERROR: Crossed CA Subject name does not match Cert Subject&Crossed CA public key matches Cert key5ERROR: Certificate public key does NOT match Cert key5Crossed CA Subject Key Id matches Cert Subject Key Id.ERROR: Crossed CA Key Id does not match Key IdCA Cert
canonicalized#A required CRL extension is missingVerifiedBad CA Cert SubjectBad Cert IssuerOld Base CRLBad Authority Key IdNo IDP Intersection,ERROR: CRL Issuer does not match Cert IssuerCRL Issuer matches Cert IssuerProvider0ERROR: CRL IDP extension does not match Cert CDP1ERROR: CRL Issuer does not match Delta CRL Issuer#CRL Issuer matches Delta CRL Issuer6WARNING: CRL CA Version does not match Cert CA Version;WARNING: CRL CA Version does not match Delta CRL CA Version2ERROR: CRL Number less than Delta CRL Minimum BaseERROR: CRL is not a Base CRLERROR: CRL is not a Delta CRLVerifying Issued Certificate:Verifying Delta CRL:!WinHttp Cache entries deleted: %uWinHttp Cache entries: %uMeta File Name:WinINet Cache entry:WinHttp Cache entry:CANameMachineNameTime:Certificate AIACertificate CDPBase CRL CDP!URL fetch timeout in millisecondsTimeoutCannot export public key%Display password and private key dataOCSPDecode ErrorUnsuccessfulUnsupported	No SignerInvalid Signature
OCSP Request:OCSP Response:Produced AtOCSP Response Entries:OCSP Response InfoOCSP Request Entries:OCSP Request InfoIssuer Name Hash(%ws):Issuer Key Hash(%ws):Serial Number Not FoundUnknownInvalid Signer EKUSigner Expired
Revoked As OfCertificate OCSPParse ASN.1 fileFile [type]
DECODE ERROR!Unique container nameTo be backed upExpected Base CRLExpected Delta CRLDefault ContainerEnd Of Content4Install a Certification Authority on current machine#Manage smart card root certificatesRoot Certificate ProvisioningPAt%1 [%5][InputRootFile] [ReaderName]
%2 %6OutputRootFile [ReaderName]
%3 [InputRootFile | ReaderName]
%4 [ReaderName]Use hash of data as signatureSimple container nameCipher AlgorithmsHash Algorithms Asymmetric Encryption AlgorithmsSecret Agreement AlgorithmsSignature AlgorithmsRNG Algorithms Display COM registry information [ClassId | ProgId | DllName | *]YesNoAllowDenyCA AdministratorPACertificate ManagerReadEnrollAuto-EnrollFull ControlWriteAdministrator permissions are needed to use the selected options.  Use an administrator command prompt to complete these tasks.The restored CA certificate has expired. Before restarting Active Directory Certificate Services you must renew the CA certificate.2Create/delete web virtual roots for OCSP web proxy[%1]"The OCSP Web Proxy already exists.RName of Symmetric Key Algorithm with optional key length, example: AES,128 or 3DES!SymmetricKeyAlgorithm[,KeyLength]1This verb has been restricted by Common Criteria.rThe certification propagation service could not be contacted. Your root certificates may not be available for use.Content Encryption Algorithm:$Encode text without CR-LF charactersEncode text as UnicodeEnumerate certificate stores[\\MachineName]#MachineName -- remote machine name.Use service certificate store"Use Group Policy certificate store%Install default certificate templatesGCertificateStoreName -- Certificate store name.  See -store.
CertIdList -- comma separated list of Certificate or CRL match tokens.
        See -store's CertId description.
PropertyInfFile -- INF file containing external properties:
        %1
        %2 Add archived property, OR:
        %3 Remove archived property

        %4 "%5Friendly Name" ; Add friendly name property

        %6 Add custom hexadecimal property
          %7
          %8

        %9 Add Key Provider Information property
          %10Container Name%11
          %12
          %13
          %14
          %15 Dump smart card file information[ReaderName]Cannot read fileSuccessfully uncompressedCannot uncompress fileFailed to authenticate to card"Successfully authenticated to cardReading directory
Enter PIN: Each restriction consists of a column name, a relational operator and
 a constant integer, string or date. One column name may be preceded
 by a plus or minus sign to indicate the sort order.
 Examples:
    %1
    %2
    %3Provider Aliases:Provider Module:Display CNG ConfigurationDisplay Enrollment Policy CAs[CAName | TemplateName]Set Site Names for CAs
[SiteName]Out of dateSuccessfully updatedUpdate errorAsymmetric AlgorithmsAll AlgorithmsEnrollment Policy Server ListSelect Policy ServerDefault---    ATR:Display AD templates
[Template]Display AD CAs[CAName]Display Enrollment PolicyPolicy Server URL or IdURLOrIdDistinguishedName,type -- numeric CRYPT_STRING_* decoding type,type -- numeric CRYPT_STRING_* encoding typeBERROR: Could not verify certificate public key against private keyEnrollment Policy UrlEnrollment Policy IdPAFlagsEnrollment Server Url
Request IdAuthentication	Url Flags$Add an Enrollment Server application%1 | %3 | %5 [%10]Add an Enrollment Server application and application pool if necessary, for the specified CA. This command does not install binaries or packages
One of the following authentication methods with which the client connects to a Certificate Enrollment Server
        %1 -- %2
        %3 -- %4
        %5 -- %6
        %10 -- Only renewal requests can be submitted to this CA via this URL.'Delete an Enrollment Server application%1 | %3 | %54Delete an Enrollment Server application and application pool if necessary, for the specified CA. This command does not remove binaries or packages
One of the following authentication methods with which the client connects to a Certificate Enrollment Server
        %1 -- %2
        %3 -- %4
        %5 -- %6.$Install succeeded with warnings: %ws&UnInstall succeeded with warnings: %wsSmart Card Serial Number:ObjectId	ObjectIds	Extension
ExtensionsTemplate	TemplatesCACAsUse anonymous SSL credentialsUse Kerberos SSL credentials%Use X.509 Certificate SSL credentialsClientCertId%Use named account for SSL credentialsUserNameConflicting SSL credentialsCertificate List(Select client authentication certificateCA locale namePABDisplay, add or delete enrollment server URLs associated with a CA0[URL AuthenticationType [Priority] [%10]]
URL %9gAuthenticationType -- Specify one of the following client authentication methods while adding a URL
        %1 -- %2
        %3 -- %4
        %5 -- %6
        %7 -- %8.
%9 -- deletes the specified URL associated with the CA.
Priority -- defaults to '1' if not specified when adding a URL.
%10 -- Only renewal requests can be submitted to this CA via this URL.Priority1Display or delete Enrollment Policy Cache entries[%1]R%1 -- delete Policy Server cache entries
%2 -- use %2 to delete all cache entries.
NextUpdate
LastUpdateUrlIdDefaultPathAuthenticationAllowUntrustedCAPriorityCache file existsDeleting cache entry!
No cache file"Url does NOT match cache file nameCache DirectoryOrphaned Cache file/Display, add or delete Credential Store entries[URL]
URL %3
URL %1URL -- target URL.  Use %4 to match all entries
        Use %5 to match a URL prefix
%3 -- add a Credential Store entry
        SSL credentials must also be specified
%1 -- delete Credential Store entries
%2 -- use %2 to overwrite an entry or to delete multiple entries.
Enforce UTF-8Name
Friendly NameUrlIdPassword
CredentialCredentialsEnrollment CertificateEnrollment Username/PasswordSchemaId
PropertiesDeletingSettingIndefinite Length'%1 -- Delete all keys on the smart card(================ Url %d ================"ERROR: Container name inconsistentBFor selection U/I, use %3%1 %3
For all Policy Servers, use %3%1 %2For selection U/I, use %2%1 %2For selection U/I, use %2%1 %2@WARNING: CA certificate expires before registry validity period.AddedPA	AnonymousKerberosCertificateUsernameUnknownWeb Enrollment Servers:MatchesYou must install the Certificate Enrollment Web Service using Server Manager or ServerManagerCmd.exe before adding an enrollment server application.(To import a foreign certificate, see %ws Enrollment Server AuthenticationPASubject Template OIDsPA%ws failed with error:LoadingPASync with Windows UpdateDestinationDirDestinationDir -- folder to copy to.
     The following files are downloaded from Windows Update:
         %1 - contains CTL of Third Party Roots.
         %2 - contains CTL of Disallowed Certificates.
         %3 - Disallowed Certificates.
         <thumbprint>.crt - Third Party Roots. Generate SST from Windows UpdateSSTFileSSTFile -- %1 file to be created.
     The generated %1 file contains the Third Party Roots
     downloaded from Windows Update.Updating2"%ws" exists. Use "%ws" option to force overwrite.;Warning! Encountered the following no longer trusted roots:Use "%ws" options to force the delete of the above "%ws" files.
Was "%ws" updated?
If yes, consider deferring the delete until all clients have been updated.$Enabling temporary auto root update.&Restoring disable of auto root update.ZCannot enable auto root update in the registry.
Are you running as elevated administrator?No Updates!"Added %d files.  Updated %d files.Updated SST file.Select Certification Authority5Select a Certification Authority to send the request.PA4VS_VERSION_INFOFF?StringFileInfo040904B0LCompanyNameMicrosoft CorporationB
FileDescriptionCertUtil.exer)FileVersion6.1.7601.18151 (win7sp1_gdr.130512-1533):
InternalNameCertUtil.exe.LegalCopyright Microsoft Corporation. All rights reserved.JOriginalFilenameCertUtil.exe.muij%ProductNameMicrosoft Windows Operating SystemBProductVersion6.1.7601.18151DVarFileInfo$Translation	PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING

Anon7 - 2022
AnonSec Team