Certutil view restrict description:
Disposition values for requests in the queue:
| Disposition | Description |
| 8 | request is being processed |
| 9 | request is taken under submission |
| 12 | certificate is an archived foreign certificate |
| 15 | certificate is a CA certificate |
| 16 | parent CA certificates of the CA certificate |
| 17 | certificate is a key recovery agent certificate |
Disposition values for requests in the log:
| Disposition | Description |
| 20 | certificate was issued |
| 21 | certificate is revoked |
| 30 | certificate request failed |
| 31 | certificate request is denied |
Export list of issued certificates from a CA:
certutil -view -restrict “Certificate Template=TempNameOrOID” -out “requestername,requestid” | find “Requester Name:” | sort >output.csv
certutil -view -restrict “notbefore=>1/1/2015” -out “RequestID,NotBefore,NotAfter,CertificateTemplate”
Show the SerialNumber of all issued and revoked certificates:
certutil -view -restrict “Disposition>=20,Disposition<=21” -out SerialNumber
Show all certificate requests that failed for the certificate template with the common name “EnrollmentAgent” after September 24th 2008:
certutil -view -restrict “Disposition=30,notbefore=>9/24/2008,certificate template=EnrollmentAgent” -out RawCertificate
