Hello, I have a MS Server 2003 Enterprise CA that has been powered off for almost 9 months. I have recently powered it on to obtain it's list of time valid certificates, and then was going to decommission it. My problem is that I can not keep the Certificate Services service started, and therefore can not open the list of issued certs. My question - Is there a way to find the list of issued certificates via the certlogs or looking in the certdb somehow? Thanks, Patrick

On Tue, 7 Sep 2010 20:44:55 +0000, guinnpk wrote: I have a MS Server 2003?Enterprise CA that has been powered off?for almost 9 months. I have recently powered it on to obtain?it's list of time valid certificates, and then was going to decommission it. My problem is that I can not keep the Certificate Services service started, and therefore can not open the list of issued certs. My question - Is there a way to find the list of issued certificates via the certlogs or looking in the certdb somehow? certutil -view -restrict "NotAfter<=9/7/2010 8:00 AM" -out RequestID,RequesterName,NotAfter,SerialNumber" How have you been issuing CRLs if it has been powered off for 9 months? Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca

Unfortunately certutil -view will not work if you certificate services service is not running. I suppose there is no supported way to open Certificate Services database but I know about a tool that can open an offline Jet database. Use it on your own risk if you like (http://www.woany.co.uk/esedbviewer/). The Certificate Services page size is 4096 and you'll need to run the tool as administrator. Regards Martin Rublik