certutil.exe CertUtil.exe f2436cfb0e297f660b4809068ffcab26

File info

File name: certutil.exe.mui
Size: 176128 byte
MD5: f2436cfb0e297f660b4809068ffcab26
SHA1: 9566074b821608ea05fa4cd50ef6b2babcc3a59e
SHA256: d81b828ecd9c91dc5c7495e095967ad23f6e0ed8b17505e698c095de200f9f83
Operating systems: Windows 10
Extension: MUI
In x64: certutil.exe CertUtil.exe (32-bit)

Translations messages and strings

If an error occurred or the following message in English (U.S.) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.

id English (U.S.) English
211PKCS #7 (*.p7b)|*.p7b|X.509 Certificate (*.cer;*.crt)|*.cer;*.crt|Personal Information Exchange (*.p12, *.pfx)|*.pfx|All Files (*.*)|*.*|| PKCS #7 (*.p7b)|*.p7b|X.509 Certificate (*.cer;*.crt)|*.cer;*.crt|Personal Information Exchange (*.p12, *.pfx)|*.pfx|All Files (*.*)|*.*||
212Select file to complete CA installation Select file to complete CA installation
213Unknown provider name Unknown provider name
214Cannot find the certificate for %1 to build a certificate chain. Do you wish to install this certificate now? Cannot find the certificate for %1 to build a certificate chain. Do you wish to install this certificate now?
215Cannot verify certificate chain. Do you wish to ignore the error and continue? Cannot verify certificate chain. Do you wish to ignore the error and continue?
216An error occurred retrieving the pending certificate
from %1:
An error occurred retrieving the pending certificate
from %1:
217Get Server CA Name Get Server CA Name
218Select CA Select CA
230Save certificate and Keys Save certificate and Keys
231Retrieve Certificate Retrieve Certificate
232Finish Suspended Setup Finish Suspended Setup
233The certificate is not a CA certificate. The certificate is not a CA certificate.
234Setup complete Setup complete
235Retrieve Pending Certificate Retrieve Pending Certificate
236Key Index Key Index
237Load Old Certificate Load Old Certificate
238Clone Root Certificate Clone Root Certificate
239Build Request Build Request
240Renew CA -- reuse keys Renew CA -- reuse keys
241Install CA Certificate Install CA Certificate
242Renew CA -- new keys Renew CA -- new keys
243Build CA Certificate Build CA Certificate
244Save Chain and Keys Save Chain and Keys
245If you want to send the request to an offline CA, click Cancel and send the request file at %1 to your parent CA. If you want to send the request to an offline CA, click Cancel and send the request file at %1 to your parent CA.
246Create DS CDP object Create DS CDP object
247Create DS enrollment services object Create DS enrollment services object
248Create DS Root Trust Create DS Root Trust
249Publish CA in DS Publish CA in DS
250Submit Request Submit Request
251An error occurred when creating the new key container "%1". Please make sure the CSP is installed correctly or select another CSP.
An error occurred when creating the new key container "%1". Please make sure the CSP is installed correctly or select another CSP.
252The Certification Authority certificate has a bad length: The Certification Authority certificate has a bad length:
253The new Certification Authority certificate cannot be installed because the CA Version extension is incorrect. The most recently generated request file should be used to obtain the new certificate: %1 The new Certification Authority certificate cannot be installed because the CA Version extension is incorrect. The most recently generated request file should be used to obtain the new certificate: %1
254The root certificate is untrusted. Do you wish to trust the root certificate on this machine and complete the installation? The root certificate is untrusted. Do you wish to trust the root certificate on this machine and complete the installation?
255Cannot add the Certification Authority certificate to the certificate store: Cannot add the Certification Authority certificate to the certificate store:
256Cannot create a certificate context using the Certification Authority certificate: Cannot create a certificate context using the Certification Authority certificate:
257Unreferenced INF sections Unreferenced INF sections
258Set Security Set Security
259Cannot create file %1: Cannot create file %1:
260The existing private key "%1" cannot be deleted. Either reuse this key, or use a different name for the CA.
The existing private key "%1" cannot be deleted. Either reuse this key, or use a different name for the CA.
261Cannot encode key attributes: Cannot encode key attributes:
262Cannot encode certificate: Cannot encode certificate:
263The %SystemRoot% environment variable is not set. The %SystemRoot% environment variable is not set.
264This key storage device is full and the new key "%1" could not be added. Go back and pick an existing key, or use a different key storage device.
This key storage device is full and the new key "%1" could not be added. Go back and pick an existing key, or use a different key storage device.
265An error occurred when generating key "%1" for the Active Directory Certificate Services service. Either the CSP configuration is not complete or the key length is not supported. Please make sure the CSP is installed correctly or select another CSP.
An error occurred when generating key "%1" for the Active Directory Certificate Services service. Either the CSP configuration is not complete or the key length is not supported. Please make sure the CSP is installed correctly or select another CSP.
266Cannot determine the computer name: Cannot determine the computer name:
267An error occurred when setting the security access on the private key "%1", or the CSP selected does not support setting security access on private keys. Please make sure the CSP is installed correctly or select another CSP.
An error occurred when setting the security access on the private key "%1", or the CSP selected does not support setting security access on private keys. Please make sure the CSP is installed correctly or select another CSP.
268Cannot decode Certification Authority name information: Cannot decode Certification Authority name information:
269The parent CA has denied your request because you are not a domain administrator. (%1)
To obtain the certificate for your CA, you must request the certificate as a domain administrator. You can install the certificate using the Certification Authority snap-in.
The parent CA has denied your request because you are not a domain administrator. (%1)
To obtain the certificate for your CA, you must request the certificate as a domain administrator. You can install the certificate using the Certification Authority snap-in.
270The new certificate subject Common Name does not match the active CA name: The new certificate subject Common Name does not match the active CA name:
271Generate Keys Generate Keys
272An error was detected while configuring Active Directory Certificate Services.
The Active Directory Certificate Services Setup Wizard will need to be rerun to complete the configuration.
An error was detected while configuring Active Directory Certificate Services.
The Active Directory Certificate Services Setup Wizard will need to be rerun to complete the configuration.
273The parent CA has denied your request for a CA certificate. Please contact the parent CA administrator.
(%1)
The parent CA has denied your request for a CA certificate. Please contact the parent CA administrator.
(%1)
274An error occurred when the parent CA processed this CA certificate request. Please contact the parent CA administrator.
(%1)
An error occurred when the parent CA processed this CA certificate request. Please contact the parent CA administrator.
(%1)
275This CA certificate request did not complete. Please contact the parent CA administrator.
(%1)
This CA certificate request did not complete. Please contact the parent CA administrator.
(%1)
276This CA certificate will be issued administratively. Please contact the parent CA administrator.
(%1)
This CA certificate will be issued administratively. Please contact the parent CA administrator.
(%1)
277This CA certificate request is in the pending state. Please contact the parent CA administrator.
(%1)
This CA certificate request is in the pending state. Please contact the parent CA administrator.
(%1)
278This CA certificate was revoked by the parent CA. Please contact the parent CA administrator.
(%1)
This CA certificate was revoked by the parent CA. Please contact the parent CA administrator.
(%1)
279Cannot set the key provider information for the certificate context: Cannot set the key provider information for the certificate context:
280Cannot submit the certificate request to the specified CA. Please ensure that the CA information is correct and that the CA is online. Note: only CAs running the Microsoft Active Directory Certificate Services are supported.
Cannot submit the certificate request to the specified CA. Please ensure that the CA information is correct and that the CA is online. Note: only CAs running the Microsoft Active Directory Certificate Services are supported.
281Cannot submit the certificate request to the specified CA. (%1)
To obtain the certificate for your CA, you can install the certificate using the Certification Authority snap-in.
Cannot submit the certificate request to the specified CA. (%1)
To obtain the certificate for your CA, you can install the certificate using the Certification Authority snap-in.
282The new certificate subject name does not exactly match the active CA name.
Renew with a new key to allow minor subject name changes:
The new certificate subject name does not exactly match the active CA name.
Renew with a new key to allow minor subject name changes:
283The new certificate public key does not match the current outstanding request.
The wrong request may have been used to generate the new certificate:
The new certificate public key does not match the current outstanding request.
The wrong request may have been used to generate the new certificate:
284Find certificate for %1 Find certificate for %1
285Cannot write the Certification Authority certificate to file "%1": Cannot write the Certification Authority certificate to file "%1":
286Cannot write to file %1: Cannot write to file %1:
287INF file error INF file error
288Set Key Security Set Key Security
289Parent CA = Parent CA =
290Request ID = Request ID =
291Microsoft Active Directory Certificate Services Microsoft Active Directory Certificate Services
292Set Directory Security Set Directory Security
299An error occurred when creating the new key container "%1". You do not have write access permission to the key container. Please use a different CA name.
An error occurred when creating the new key container "%1". You do not have write access permission to the key container. Please use a different CA name.
301Dump configuration information or file Dump configuration information or file
302Get default configuration string Get default configuration string
303Get default configuration string via ICertGetConfig Get default configuration string via ICertGetConfig
304CA Version CA Version
305Decode hexadecimal-encoded file Decode hexadecimal-encoded file
306Decode Base64-encoded file Decode Base64-encoded file
307Encode file to Base64 Encode file to Base64
308Deny pending request Deny pending request
309Resubmit pending request Resubmit pending request
310Revoke Certificate Revoke Certificate
311Publish new CRLs [or delta CRLs only] Publish new CRLs [or delta CRLs only]
312Get CRL Get CRL
313Display current certificate disposition Display current certificate disposition
314Set attributes for pending request Set attributes for pending request
315Set extension for pending request Set extension for pending request
316Retrieve the CA's certificate Retrieve the CA's certificate
317Retrieve the CA's certificate chain Retrieve the CA's certificate chain
318UserKeyAndCertFile [CertId] UserKeyAndCertFile [CertId]
319Import user keys and certificates into server database for key archival Import user keys and certificates into server database for key archival
320Dump Raw Database Dump Raw Database
321Verify public/private key set Verify public/private key set
322Verify certificate, CRL or chain Verify certificate, CRL or chain
323Check certificate for 0x7f length encodings Check certificate for 0x7f length encodings
324Display this usage message Display this usage message
325Verbose operation Verbose operation
326Use IDispatch instead of COM native methods Use IDispatch instead of COM native methods
327Reverse Log and Queue columns Reverse Log and Queue columns
328Options: Options:
329Unrecognized Reason Unrecognized Reason
330InFile OutFile InFile OutFile
331Column Name Localized Name Type MaxLength Column Name Localized Name Type MaxLength
332---------------------------- ---------------------------- ------ --------- ---------------------------- ---------------------------- ------ ---------
333RequestId RequestId
335SerialNumber [Reason] SerialNumber [Reason]
336[%3 | %1] [%2] [%3 | %1] [%2]
337OutFile [Index] [%1] OutFile [Index] [%1]
338SerialNumber | CertHash SerialNumber | CertHash
339RequestId AttributeString RequestId AttributeString
340RequestId ExtensionName Flags {Long | Date | String | @InFile} RequestId ExtensionName Flags {Long | Date | String | @InFile}
341OutCACertFile [Index] OutCACertFile [Index]
342OutCACertChainFile [Index] OutCACertChainFile [Index]
343[KeyContainerName CACertFile] [KeyContainerName CACertFile]
344CertFile [ApplicationPolicyList | - [IssuancePolicyList]] [Modifiers]
CertFile [CACertFile [CrossedCACertFile]]
CRLFile CACertFile [IssuedCertFile]
CRLFile CACertFile [DeltaCRLFile]
CertFile [ApplicationPolicyList | - [IssuancePolicyList]] [Modifiers]
CertFile [CACertFile [CrossedCACertFile]]
CRLFile CACertFile [IssuedCertFile]
CRLFile CACertFile [DeltaCRLFile]
345CertFile CertFile
346Out of memory Out of memory
347Missing %ws arg Missing %ws arg
348Unknown arg: %ws Unknown arg: %ws
349Multiple verb args: %ws Multiple verb args: %ws
350Missing argument Missing argument
351Too many arguments Too many arguments
352Internal verb table error Internal verb table error
353Unexpected "-%ws" option Unexpected "-%ws" option
354Usage: Usage:
355Options Options
356Verbs: Verbs:
357ObjectId -- ObjectId to display or to add display name
GroupId -- decimal GroupId number for ObjectIds to enumerate
AlgId -- hexadecimal AlgId for ObjectId to look up
AlgorithmName -- Algorithm Name for ObjectId to look up
DisplayName -- Display Name to store in DS
%1 -- delete display name
LanguageId -- Language Id (defaults to current: %2)
Type -- DS object type to create: 1 for Template (default),
2 for Issuance Policy, 3 for Application Policy
Use %3 to create DS object.
ObjectId -- ObjectId to display or to add display name
GroupId -- decimal GroupId number for ObjectIds to enumerate
AlgId -- hexadecimal AlgId for ObjectId to look up
AlgorithmName -- Algorithm Name for ObjectId to look up
DisplayName -- Display Name to store in DS
%1 -- delete display name
LanguageId -- Language Id (defaults to current: %2)
Type -- DS object type to create: 1 for Template (default),
2 for Issuance Policy, 3 for Application Policy
Use %3 to create DS object.
358-- Indexed -- Indexed
359Input Length = %d Input Length = %d
360No Key Authority serial number No Key Authority serial number
361Output Length = %d Output Length = %d
362DecodeFile returned %ws DecodeFile returned %ws
363EncodeToFile returned %ws EncodeToFile returned %ws
364Issuer Issuer
365Subject Subject
366ERROR: CA Issuer name does not match Key Authority name (%x) ERROR: CA Issuer name does not match Key Authority name (%x)
367CA Issuer name matches Key Authority name CA Issuer name matches Key Authority name
368No Key Authority name No Key Authority name
369ERROR: Issuer serial number does not match Key Authority ERROR: Issuer serial number does not match Key Authority
370Issuer serial number matches Key Authority Issuer serial number matches Key Authority
371Issuer Name Issuer Name
372KeyAuthority Name KeyAuthority Name
373KeyId: KeyId:
374Key Authority SerialNumber: Key Authority SerialNumber:
375CA Serial Number: CA Serial Number:
376Process: Process:
377[DomainDN | -] [DomainDN | -]
378LoadKeys returned %ws LoadKeys returned %ws
379LoadCert returned %ws LoadCert returned %ws
380ERROR: Certificate public key does NOT match stored keyset ERROR: Certificate public key does NOT match stored keyset
381Container Public Key: Container Public Key:
382Certificate Public Key: Certificate Public Key:
383Key "%ws" verifies as the public key for Certificate "%ws" Key "%ws" verifies as the public key for Certificate "%ws"
384Key "%ws" does NOT verify as the public key for Certificate "%ws" Key "%ws" does NOT verify as the public key for Certificate "%ws"
385Leaf certificate is REVOKED (Reason=%x) Leaf certificate is REVOKED (Reason=%x)
386ERROR: Verifying leaf certificate revocation status returned %ws ERROR: Verifying leaf certificate revocation status returned %ws
387Cannot check leaf certificate revocation status Cannot check leaf certificate revocation status
388Leaf certificate revocation check passed Leaf certificate revocation check passed
389LoadCert(Cert) returned %ws LoadCert(Cert) returned %ws
390LoadCert(CA) returned %ws LoadCert(CA) returned %ws
391Cert Cert
392Issuing CA Cert Issuing CA Cert
393Cert Serial Number: Cert Serial Number:
394Issuing CA Cert Serial Number: Issuing CA Cert Serial Number:
395Issuing CA is not a root: Subject name does not match Issuer Issuing CA is not a root: Subject name does not match Issuer
396ERROR: Issuing CA Subject name does not match Cert Issuer ERROR: Issuing CA Subject name does not match Cert Issuer
397Issuing CA Subject name matches Cert Issuer Issuing CA Subject name matches Cert Issuer
398CertVerifySubjectCertificateContext Flags = %x -- CertVerifySubjectCertificateContext Flags = %x --
399ERROR: Certificate validation failure: %x ERROR: Certificate validation failure: %x
400ERROR: CA did not issue Certificate: Signature check failed ERROR: CA did not issue Certificate: Signature check failed
401ERROR: Certificate has expired ERROR: Certificate has expired
402Certificate is current Certificate is current
403Contains CRL_DIST_POINTS revocation-check extension Contains CRL_DIST_POINTS revocation-check extension
404Contains NETSCAPE_REVOCATION_URL revocation-check extension Contains NETSCAPE_REVOCATION_URL revocation-check extension
405Certificate has no revocation-check extension Certificate has no revocation-check extension
406%ws verifies as issued by %ws %ws verifies as issued by %ws
407%ws does NOT verify (issued by %ws) %ws does NOT verify (issued by %ws)
408-- Revocation check skipped. -- Revocation check skipped.
409-- Revocation check passed. -- Revocation check passed.
410-- Revocation check: REVOKED. -- Revocation check: REVOKED.
411-- Revocation check FAILED. -- Revocation check FAILED.
412Signature matches Public Key Signature matches Public Key
413CRL Entries: CRL Entries:
414Cert: Cert:
415??? ???
416Suspect length in Suspect length in
417: field=%ws : field=%ws
418, oid=%ws , oid=%ws
419Extension %d: oid="%hs" fcrit=%u length=%x Extension %d: oid="%hs" fcrit=%u length=%x
420Signature does not match Public key: %x Signature does not match Public key: %x
421Cannot decode object: %ws Cannot decode object: %ws
422Algorithm ObjectId Algorithm ObjectId
423Algorithm Parameters: Algorithm Parameters:
424NULL NULL
425Public Key: UnusedBits = %u Public Key: UnusedBits = %u
426ChallengeString: "%ws" ChallengeString: "%ws"
427Config String: "%ws" Config String: "%ws"
428ICertGetConfig Config String: "%ws" ICertGetConfig Config String: "%ws"
429Certificate request is pending: RequestId: %u Certificate request is pending: RequestId: %u
430Certificate issued. Certificate issued.
431Certificate has not been issued: Disposition: %d -- %ws Certificate has not been issued: Disposition: %d -- %ws
432Certificate disposition for "%ws" is invalid Certificate disposition for "%ws" is invalid
433Certificate disposition for "%ws" is valid Certificate disposition for "%ws" is valid
434Certificate disposition for "%ws" is revoked (%ws) Certificate disposition for "%ws" is revoked (%ws)
435Date Date
436Long Long
437String String
438Binary Binary
439Schema: Schema:
440Row %u: Row %u:
441Opening Database %ws Opening Database %ws
442EMPTY EMPTY
443error = %ws error = %ws
444, ,
445Any Format Any Format
446PKCS10 PKCS10
447KeyGen Tag KeyGen Tag
448PKCS7 PKCS7
449Unknown Unknown
450Force Teletex Force Teletex
451Renewal Renewal
452Critical Critical
453Disabled Disabled
454PolicyFlags=%x PolicyFlags=%x
455Request Request
456Policy Policy
457Admin Admin
458Server Server
459UNKNOWN UNKNOWN
460Origin=%ws Origin=%ws
461???=%x ???=%x
462Get configuration via ICertConfig Get configuration via ICertConfig
463Request Properties: Request Properties:
464Certificate Properties: Certificate Properties:
465Command Line Command Line
466Sanitized Name: Sanitized Name:
467%ws: Flags = %x%ws, Length = %x %ws: Flags = %x%ws, Length = %x
468Expected at least %u args, received %u Expected at least %u args, received %u
469Expected no more than %u args, received %u Expected no more than %u args, received %u
470No active Certification Authorities found: %ws No active Certification Authorities found: %ws
471%ws: -%ws command FAILED: %ws %ws: -%ws command FAILED: %ws
473None None
474Other Other
476IssuerRDN IssuerRDN
477IssuerRDNAttribute IssuerRDNAttribute
478IssuerRDNString IssuerRDNString
480SubjectRDN SubjectRDN
481SubjectRDNAttribute SubjectRDNAttribute
482SubjectRDNString SubjectRDNString
483Extensions Extensions
484ExtensionArray ExtensionArray
485Extension Extension
486ExtensionValue ExtensionValue
487ExtensionValueRaw ExtensionValueRaw
488No key provider information No key provider information
489Dump Certificate View Dump Certificate View
490%ws added to DS store. %ws added to DS store.
491Ping Active Directory Certificate Services Request interface Ping Active Directory Certificate Services Request interface
492Ping Active Directory Certificate Services Admin interface Ping Active Directory Certificate Services Admin interface
493Name: Name:
494Organizational Unit: Organizational Unit:
495Organization: Organization:
496Locality: Locality:
497State: State:
498Country/region: Country/region:
499Config: Config:
500Exchange Certificate: Exchange Certificate:
501Signature Certificate: Signature Certificate:
502Description: Description:
503Server: Server:
504Authority: Authority:
505Entry Entry
506Certificate Extensions: Certificate Extensions:
507Request Attributes: Request Attributes:
508Shutdown Active Directory Certificate Services Shutdown Active Directory Certificate Services
509Command Status Command Status
510Dump Certificate Schema Dump Certificate Schema
511Command Succeeded Command Succeeded
512Password Password
513X509 Certificate: X509 Certificate:
514X509 Certificate Revocation List: X509 Certificate Revocation List:
515PKCS10 Certificate Request: PKCS10 Certificate Request:
516KeyGen Certificate Request: KeyGen Certificate Request:
517Version: %u Version: %u
518Serial Number: Serial Number:
519Signature Algorithm: Signature Algorithm:
520Public Key Algorithm: Public Key Algorithm:
521Issuer Unique Id: Issuer Unique Id:
522Subject Unique Id: Subject Unique Id:
523NotBefore: NotBefore:
524NotAfter: NotAfter:
525ThisUpdate: ThisUpdate:
526NextUpdate: NextUpdate:
527Revocation Date: Revocation Date:
528Extensions: Extensions:
529CRL Extensions: CRL Extensions:
530PKCS7 Message: PKCS7 Message:
531Possible Root Certificate: Subject matches Issuer, but Signature check fails: %x Possible Root Certificate: Subject matches Issuer, but Signature check fails: %x
532Non-root Certificate Non-root Certificate
533Root Certificate: Subject matches Issuer Root Certificate: Subject matches Issuer
534Non-root Certificate uses same Public Key as Issuer Non-root Certificate uses same Public Key as Issuer
535Revoking "%ws" Revoking "%ws"
536Enter PFX password: Enter PFX password:
537No built-in formatting support No built-in formatting support
538Private Key: Private Key:
539Length Length
540Display times as GMT Display times as GMT
541GMT GMT
542BackupDirectory BackupDirectory
543Backup Active Directory Certificate Services certificate and private key Backup Active Directory Certificate Services certificate and private key
544BackupDirectory | PFXFile BackupDirectory | PFXFile
545Restore Active Directory Certificate Services certificate and private key Restore Active Directory Certificate Services certificate and private key
546[CertificateStoreName [CertId [OutputFile]]] [CertificateStoreName [CertId [OutputFile]]]
547Dump certificate store Dump certificate store
548ProviderType = %x ProviderType = %x
549Key Container = %ws Key Container = %ws
550Provider = %ws Provider = %ws
551KeySpec = %x KeySpec = %x
552Flags Flags
553Restored keys and certificates for %ws\%ws from %ws. Restored keys and certificates for %ws\%ws from %ws.
554Backed up keys and certificates for %ws\%ws to %ws. Backed up keys and certificates for %ws\%ws to %ws.
555[CACertFile] [CACertFile]
556Install Certification Authority certificate Install Certification Authority certificate
557PKCS7 Message Content: PKCS7 Message Content:
558Authenticated Attributes Authenticated Attributes
559Signing Certificate Index Signing Certificate Index
560================ Begin Nesting Level %d ================ ================ Begin Nesting Level %d ================
561---------------- End Nesting Level %d ---------------- ---------------- End Nesting Level %d ----------------
562%ws: Lang %08x (%u.%u) %ws: Lang %08x (%u.%u)
563File %u.%u:%u.%u File %u.%u:%u.%u
564Product %u.%u:%u.%u
Product %u.%u:%u.%u
565No Signer No Signer
566No PKCS7 Message Content No PKCS7 Message Content
567No Certificates No Certificates
568No CRLs No CRLs
569Certificates: Certificates:
570CRLs: CRLs:
571Renewal Certificate: Renewal Certificate:
572Encrypted Hash: Encrypted Hash:
573%d attributes: %d attributes:
574Attribute Attribute
575Value[%d][%d], Length = %x Value[%d][%d], Length = %x
576BackupDirectory [%1] [%2] BackupDirectory [%1] [%2]
577Backup Active Directory Certificate Services database Backup Active Directory Certificate Services database
579Restore Active Directory Certificate Services database Restore Active Directory Certificate Services database
580Reason: Unspecified Reason: Unspecified
581Reason: Key Compromise Reason: Key Compromise
582Reason: CA Compromise Reason: CA Compromise
583Reason: Affiliation Changed Reason: Affiliation Changed
584Reason: Superseded Reason: Superseded
585Reason: Cessation of Operation Reason: Cessation of Operation
586Reason: Certificate Hold Reason: Certificate Hold
587Reason: Remove From CRL Reason: Remove From CRL
588List CSPs installed on this machine List CSPs installed on this machine
589Test CSPs installed on this machine Test CSPs installed on this machine
590[Algorithm] [Algorithm]
591Use silent flag to acquire crypt context Use silent flag to acquire crypt context
592%1 -- Request queue
%2 -- Issued or revoked certificates, plus failed requests
%3 -- Failed requests
%4 -- Revoked certificates
%5 -- Extension table
%6 -- Attribute table
%7 -- CRL table
%8 -- Output as Comma Separated Values

To display the StatusCode column for all entries:
-out StatusCode
To display all columns for the last entry:
-restrict "RequestId==$"
To display RequestId and Disposition for three requests:
-restrict "RequestId=37,RequestId
%1 -- Request queue
%2 -- Issued or revoked certificates, plus failed requests
%3 -- Failed requests
%4 -- Revoked certificates
%5 -- Extension table
%6 -- Attribute table
%7 -- CRL table
%8 -- Output as Comma Separated Values

To display the StatusCode column for all entries:
-out StatusCode
To display all columns for the last entry:
-restrict "RequestId==$"
To display RequestId and Disposition for three requests:
-restrict "RequestId=37,RequestId
593[ObjectId | %1 | %2 [CommonName]] [ObjectId | %1 | %2 [CommonName]]
594Active Active
595Pending Pending
596Issued Issued
597Revoked Revoked
598Error Error
599Denied Denied
600Renewal Cert Renewal Cert
601Stop and Start Active Directory Certificate Services to complete database restore from %ws. Stop and Start Active Directory Certificate Services to complete database restore from %ws.
602Server ICertAdmin%ws interface is alive Server ICertAdmin%ws interface is alive
603Cannot open Active Directory Certificate Services database: %ws. Cannot open Active Directory Certificate Services database: %ws.
604The Certification Authority service must be stopped for direct database access. The Certification Authority service must be stopped for direct database access.
605(Local) (Local)
606%ws: No local Certification Authority; use -config option %ws: No local Certification Authority; use -config option
607Reason: Unrevoke Reason: Unrevoke
608This might be caused by:
Inaccessible server
No permissions on server
Server not in the expected state
This might be caused by:
Inaccessible server
No permissions on server
Server not in the expected state
609Dump PFX structure Dump PFX structure
610Server "%ws" ICertRequest%ws interface is alive %ws Server "%ws" ICertRequest%ws interface is alive %ws
611Connecting to %ws ... Connecting to %ws ...
612Use HKEY_CURRENT_USER keys or certificate store Use HKEY_CURRENT_USER keys or certificate store
613================ Certificate %d ================ ================ Certificate %d ================
614Enter new password: Enter new password:
615Confirm new password: Confirm new password:
616Password differs -- please try again Password differs -- please try again
617Missing stored keyset Missing stored keyset
619Backup Active Directory Certificate Services Backup Active Directory Certificate Services
621Restore Active Directory Certificate Services Restore Active Directory Certificate Services
622CertificateStoreName InFile CertificateStoreName InFile
623Add certificate to store Add certificate to store
624CertificateStoreName CertId CertificateStoreName CertId
625Delete certificate from store Delete certificate from store
626CertificateStoreName [CertId] CertificateStoreName [CertId]
627Verify certificate in store Verify certificate in store
628Deleting Certificate %d: %ws Deleting Certificate %d: %ws
629Verifies against UNTRUSTED root Verifies against UNTRUSTED root
630Incomplete certificate chain Incomplete certificate chain
631Certificate is valid Certificate is valid
632Incomplete Incomplete
636Issued Out of Band Issued Out of Band
639Certificate request for "%ws" is pending Certificate request for "%ws" is pending
640Cannot add a non-root certificate to the root store Cannot add a non-root certificate to the root store
641Force overwrite Force overwrite
642Certificate or key exists. Use the "%ws" option to overwrite. Certificate or key exists. Use the "%ws" option to overwrite.
643Incremental database backup for %ws. Incremental database backup for %ws.
644Full database backup for %ws. Full database backup for %ws.
645Backed up database to %ws. Backed up database to %ws.
646Database logs were preserved. Database logs were preserved.
647Database logs successfully truncated. Database logs successfully truncated.
648Restoring database for %ws. Restoring database for %ws.
649File File
650ObjectId [DisplayName | %1 [LanguageId [Type]]]
GroupId
AlgId | AlgorithmName [GroupId]
ObjectId [DisplayName | %1 [LanguageId [Type]]]
GroupId
AlgId | AlgorithmName [GroupId]
651Display ObjectId or set display name Display ObjectId or set display name
652Unknown ObjectId Unknown ObjectId
653Certfile [%1] Certfile [%1]
654Import a certificate file into the database Import a certificate file into the database
655Imported Certificate, Assigned RequestId %i. Imported Certificate, Assigned RequestId %i.
656Revocation check skipped -- server offline Revocation check skipped -- server offline
657Revocation check skipped -- no revocation information available Revocation check skipped -- no revocation information available
658Display dynamic file List Display dynamic file List
659[{%1|%2|%3|%4|%5|%6|%7|%8}\[%9\]][RegistryValueName] [{%1|%2|%3|%4|%5|%6|%7|%8}\[%9\]][RegistryValueName]
660Display registry value Display registry value
661[{%1|%2|%3|%4|%5|%6|%7|%8}\[%9\]]RegistryValueName Value [{%1|%2|%3|%4|%5|%6|%7|%8}\[%9\]]RegistryValueName Value
662Set registry value Set registry value
663Old Value: Old Value:
664New Value: New Value:
665AltName: %u entries: AltName: %u entries:
666AltName AltName
667Display database locations Display database locations
668Not a valid backup target directory: %ws. Not a valid backup target directory: %ws.
669Not a valid backup directory: %ws. Not a valid backup directory: %ws.
670Backup content verification failed: %ws. Backup content verification failed: %ws.
671Incremental database restore for %ws. Incremental database restore for %ws.
672Full database restore for %ws. Full database restore for %ws.
673Imported Cert Imported Cert
674ERROR: Cert is not yet valid ERROR: Cert is not yet valid
675ERROR: Cert has expired ERROR: Cert has expired
676ERROR: Cert Valid before issuing CA Cert Valid ERROR: Cert Valid before issuing CA Cert Valid
677ERROR: Cert Expires after issuing CA Cert Expires ERROR: Cert Expires after issuing CA Cert Expires
678Decoded extra Extension Array encoding layer (Teletex string) Decoded extra Extension Array encoding layer (Teletex string)
679ErrorCode ErrorCode
680Display error code message text Display error code message text
681Create/delete web virtual roots and file shares Create/delete web virtual roots and file shares
682Web Virtual Root %ws Web Virtual Root %ws
683File Share %ws File Share %ws
684Created Created
685Deleted Deleted
686Already Exists Already Exists
687Not Found Not Found
688Create Error Create Error
689Delete Error Delete Error
690Not Supported. The virtual directory cannot be created because the "IIS 6 Metabase Compatibility" role service is not installed. Install the "IIS 6 Metabase Compatibility" role service and run the command again. Not Supported. The virtual directory cannot be created because the "IIS 6 Metabase Compatibility" role service is not installed. Install the "IIS 6 Metabase Compatibility" role service and run the command again.
691[%1] [%1]
692Backing up Database files Backing up Database files
693Backing up Log files Backing up Log files
694Truncating Logs Truncating Logs
695Restoring Database files Restoring Database files
696Restoring Log files Restoring Log files
697Maximum Row Index Maximum Row Index
698CA Cert CA Cert
699CA Cert Chain CA Cert Chain
700Characters Characters
701OVERFLOW: OVERFLOW:
702Repeated "-%ws" option Repeated "-%ws" option
703Config string must include Authority name Config string must include Authority name
704CertFile -- certificate file to publish
%1 -- Publish cert to DS Enterprise store
%2 -- Publish cert to DS Trusted Root store
%3 -- Publish CA cert to DS CA object
%4 -- Publish cross cert to DS CA object
%5 -- Publish cert to DS Key Recovery Agent object
%6 -- Publish cert to User DS object
%7 -- Publish cert to Machine DS object
CRLFile -- CRL file to publish
DSCDPContainer -- DS CDP container CN, usually the CA machine name
DSCDPCN -- DS CDP object CN, usually based on the sanitized CA short name and key index
Use %8 to create DS object.
CertFile -- certificate file to publish
%1 -- Publish cert to DS Enterprise store
%2 -- Publish cert to DS Trusted Root store
%3 -- Publish CA cert to DS CA object
%4 -- Publish cross cert to DS CA object
%5 -- Publish cert to DS Key Recovery Agent object
%6 -- Publish cert to User DS object
%7 -- Publish cert to Machine DS object
CRLFile -- CRL file to publish
DSCDPContainer -- DS CDP container CN, usually the CA machine name
DSCDPCN -- DS CDP object CN, usually based on the sanitized CA short name and key index
Use %8 to create DS object.
705Ensure the server is correctly installed and retry. Ensure the server is correctly installed and retry.
706Connecting to data source %hs as user %hs Connecting to data source %hs as user %hs
707Failed to connect to data source 0x%08x (%d) Failed to connect to data source 0x%08x (%d)
708Converted %u rows Converted %u rows
709Skipped %u rows that already exist in new Database Skipped %u rows that already exist in new Database
710Skipped %u rows not issued by this Certification Authority Skipped %u rows not issued by this Certification Authority
711Converting Row %u Converting Row %u
712Row %u -- Skipping duplicate Serial Number: %ws Row %u -- Skipping duplicate Serial Number: %ws
713Row %u -- Skipping entry not issued by this Certification Authority: %ws Row %u -- Skipping entry not issued by this Certification Authority: %ws
714Converting source row %u to target row %u Converting source row %u to target row %u
715Begin names table entries for %u.%u Begin names table entries for %u.%u
716End names table entries for %u.%u End names table entries for %u.%u
717Get SMTP info Get SMTP info
718LogonName LogonName
719Set SMTP info Set SMTP info
720%u Rows %u Rows
721Row Properties Row Properties
722Request Attributes Request Attributes
723Certificate Extensions Certificate Extensions
724Total Fields Total Fields
725%4u %ws, Total Size = %u, Max Size = %u, Ave Size = %u %4u %ws, Total Size = %u, Max Size = %u, Ave Size = %u
726Private key is NOT exportable Private key is NOT exportable
727Enterprise Root CA Enterprise Root CA
728Enterprise Subordinate CA Enterprise Subordinate CA
729Stand-alone Root CA Stand-alone Root CA
730Stand-alone Subordinate CA Stand-alone Subordinate CA
731Unknown CA Type: %u Unknown CA Type: %u
732[%1] [Machine\ParentCAName] [%1] [Machine\ParentCAName]
733Renew Certification Authority certificate Renew Certification Authority certificate
734Cert Hash(%ws): Cert Hash(%ws):
735Error message text: %ws Error message text: %ws
736================ CRL %d ================ ================ CRL %d ================
737Deleting CRL %d: %ws Deleting CRL %d: %ws
738CA Certs: %u CA Certs: %u
739Keys: Keys:
740Values: Values:
741Load(CRL) returned %ws Load(CRL) returned %ws
742CRL CRL
743ERROR: CRL is not yet valid ERROR: CRL is not yet valid
744ERROR: CRL has expired ERROR: CRL has expired
745ERROR: CRL Valid before issuing CA Cert Valid ERROR: CRL Valid before issuing CA Cert Valid
746ERROR: CRL Expires after issuing CA Cert Expires ERROR: CRL Expires after issuing CA Cert Expires
747ERROR: Issuing CA Subject name does not match CRL Issuer ERROR: Issuing CA Subject name does not match CRL Issuer
748Issuing CA Subject name matches CRL Issuer Issuing CA Subject name matches CRL Issuer
749ERROR: CA did not issue CRL: Signature check failed ERROR: CA did not issue CRL: Signature check failed
750CRL signature is valid CRL signature is valid
751CA Key Id matches Key Id CA Key Id matches Key Id
752ERROR: CA Key Id does not match Key Id ERROR: CA Key Id does not match Key Id
753No Key Id No Key Id
755Unavailable Unavailable
756Error: No CRL for this Cert Error: No CRL for this Cert
758Valid Valid
759Expired Expired
760Under Submission Under Submission
762[KeyContainerName | -] [KeyContainerName | -]
763List key containers List key containers
764KeyContainerName KeyContainerName
765Delete named key container Delete named key container
766Certificate is REVOKED Certificate is REVOKED
767CA cert verify status CA cert verify status
768Flags: Flags:
769ERROR: Certificate public key does NOT match private key ERROR: Certificate public key does NOT match private key
770Signature test passed Signature test passed
771Signature test FAILED Signature test FAILED
772Display DS Certificates Display DS Certificates
773[FullDSDN] | [CertId [OutFile]] [FullDSDN] | [CertId [OutFile]]
774Display DS CRLs Display DS CRLs
775[FullDSDN] | [CRLIndex [OutFile]] [FullDSDN] | [CRLIndex [OutFile]]
776[CN] [CN]
777Display DS DNs Display DS DNs
778CN CN
779Delete DS DNs Delete DS DNs
780Deleting Deleting
781[InfoName [Index | ErrorCode]] [InfoName [Index | ErrorCode]]
782Display CA Information Display CA Information
783InfoName argument syntax: InfoName argument syntax:
785[Index] [Index]
786Force UTF-8 Force UTF-8
787Signature: UnusedBits=%u Signature: UnusedBits=%u
788Short Name: Short Name:
789Sanitized Short Name: Sanitized Short Name:
790SMIME Capabilities: SMIME Capabilities:
791Request File: Request File:
792PKCS7 Attribute PKCS7 Attribute
793No Signature No Signature
794Certificate Sequence: Certificate Sequence:
795Cannot find certificate: Cannot find certificate:
796Valid Encrypted Key Hash Valid Encrypted Key Hash
797[%1 | %2 | %3] [%1 | %2 | %3]
798[%1 | %2 | %3 | %4 | %5 | %6 | %7] [%8] [%1 | %2 | %3 | %4 | %5 | %6 | %7] [%8]
800Display DS Delta CRLs Display DS Delta CRLs
801Display times with seconds and milliseconds Display times with seconds and milliseconds
802ERROR: CA Cert has no Basic Constraints2 Extension ERROR: CA Cert has no Basic Constraints2 Extension
803ERROR: Cannot decode CA Cert Basic Constraints2 Extension ERROR: Cannot decode CA Cert Basic Constraints2 Extension
804ERROR: CA Cert is an End Entity certificate ERROR: CA Cert is an End Entity certificate
805Cert is a CA certificate Cert is a CA certificate
806Cert is an End Entity certificate Cert is an End Entity certificate
807Element %u: Element %u:
808CMC CMC
809Certificate is NOT valid: %ws Certificate is NOT valid: %ws
810Encryption test passed Encryption test passed
811Encryption test FAILED Encryption test FAILED
812Use V1 interfaces Use V1 interfaces
813File version File version
814Product version Product version
815Exit module count Exit module count
816Exit module description Exit module description
817Policy module description Policy module description
818CA name CA name
819Sanitized CA name Sanitized CA name
820Shared folder Shared folder
821CA type CA type
822Parent CA Parent CA
823CA cert count CA cert count
824CA cert CA cert
825CA cert chain CA cert chain
826CA exchange cert count CA exchange cert count
827CA exchange cert CA exchange cert
828CA exchange cert chain CA exchange cert chain
829Base CRL Base CRL
830Delta CRL Delta CRL
833CA info CA info
834Display CA Property Type Information Display CA Property Type Information
835Use ICertAdmin2 for CA Properties Use ICertAdmin2 for CA Properties
836Maximum CA PropId Maximum CA PropId
837Select a certificate from a selection UI Select a certificate from a selection UI
838Certificate List Certificate List
839List certificates List certificates
840List certificates for ObjectId List certificates for ObjectId
841List Enrollment Registration Authority certificates List Enrollment Registration Authority certificates
842List Key Recovery Agent certificates List Key Recovery Agent certificates
843Key Id Hash(%ws): Key Id Hash(%ws):
844CMS Certificate Request: CMS Certificate Request:
845CMS Response: CMS Response:
846Tagged Attributes: Tagged Attributes:
847Tagged Content Info: Tagged Content Info:
848Tagged Requests: Tagged Requests:
849Tagged Other Messages: Tagged Other Messages:
850UNKNOWN Request Choice UNKNOWN Request Choice
851Body Part Id: Body Part Id:
852Cannot load key: %ws Cannot load key: %ws
853Expired certificate Expired certificate
854Unauthenticated Attributes Unauthenticated Attributes
855Content Type Content Type
856Data Reference Data Reference
857Cert Reference Cert Reference
858Value Value
859UNKNOWN Tagged Attribute UNKNOWN Tagged Attribute
860Signer Count Signer Count
861Signer Info Signer Info
862Hash Algorithm: Hash Algorithm:
863Encrypted Hash Algorithm: Encrypted Hash Algorithm:
864Stored Hash%ws: Stored Hash%ws:
865Computed Hash%ws: Computed Hash%ws:
866CMC Attribute CMC Attribute
867Exchange Authority Information Access Exchange Authority Information Access
868Exchange Version Exchange Version
869InFile [HashAlgorithm] InFile [HashAlgorithm]
870Generate and display cryptographic hash over a file Generate and display cryptographic hash over a file
871%ws hash of file %ws: %ws hash of file %ws:
872CA Key Exchange Certificate CA Key Exchange Certificate
873Pass Pass
874No Recipient No Recipient
875Recipient Count Recipient Count
876Recipient Info Recipient Info
877DNS Name DNS Name
878SearchToken [RecoveryBlobOutFile]
SearchToken %1 OutputScriptFile
SearchToken %2 | %3 OutputFileBaseName
SearchToken [RecoveryBlobOutFile]
SearchToken %1 OutputScriptFile
SearchToken %2 | %3 OutputFileBaseName
879Retrieve archived private key recovery blob, generate a recovery script,
or recover archived keys
Retrieve archived private key recovery blob, generate a recovery script,
or recover archived keys
880RecoveryBlobInFile [PFXOutFile [RecipientIndex]] RecoveryBlobInFile [PFXOutFile [RecipientIndex]]
881Recover archived private key Recover archived private key
882
[File]

[File]
883Decrypted PKCS7 Message Content Decrypted PKCS7 Message Content
884Cannot decrypt message content. Cannot decrypt message content.
885Key recovery requires one of the following certificates and its private key: Key recovery requires one of the following certificates and its private key:
886User Certificate: User Certificate:
887Algorithm Class Algorithm Class
888Algorithm Type Algorithm Type
889Algorithm Sub-id Algorithm Sub-id
890CMC Status Info CMC Status Info
891Body Part Id Reference Body Part Id Reference
892Status String Status String
893Other Info Choice Other Info Choice
894Fail Info Fail Info
895Pend Token: Pend Token:
896Pend Time Pend Time
897CertFile [%1 | %2 | %3 | %4 | %5 | %6 | %7]
CRLFile [DSCDPContainer [DSCDPCN]]
CertFile [%1 | %2 | %3 | %4 | %5 | %6 | %7]
CRLFile [DSCDPContainer [DSCDPCN]]
898Publish certificate or CRL to Active Directory Publish certificate or CRL to Active Directory
899Could not load Certificate or CRL from file (%ws) Could not load Certificate or CRL from file (%ws)
900User User
901Authenticated Session Authenticated Session
902Smartcard Logon Smartcard Logon
903Basic EFS Basic EFS
904Administrator Administrator
905EFS Recovery Agent EFS Recovery Agent
906Code Signing Code Signing
907Trust List Signing Trust List Signing
908Computer Computer
909Domain Controller Domain Controller
910Web Server Web Server
911KDC KDC
912Root Certification Authority Root Certification Authority
913Subordinate Certification Authority Subordinate Certification Authority
914Enrollment Agent Enrollment Agent
915Smartcard User Smartcard User
917User Signature Only User Signature Only
919The value for the following key is incorrect in the INF file. It should be a non-zero numeric value. The value for the following key is incorrect in the INF file. It should be a non-zero numeric value.
923IPSec IPSec
924The value for RenewalValidityPeriodUnits is incorrect in CAPolicy.inf. It should be a non-zero numeric value. The value for RenewalValidityPeriodUnits is incorrect in CAPolicy.inf. It should be a non-zero numeric value.
925IPSec (Offline request) IPSec (Offline request)
926The value for RenewalValidityPeriod is incorrect in CAPolicy.inf. It should be one of the following: Years, Months, Weeks or Days (in English). The value for RenewalValidityPeriod is incorrect in CAPolicy.inf. It should be one of the following: Years, Months, Weeks or Days (in English).
927Router (Offline request) Router (Offline request)
928req req
929Open Request File Open Request File
930Request Files (*.req; *.txt; *.cmc; *.der)|*.req;*.txt;*.cmc;*.der|Certificate Files(*.cer; *.crt; *.der)|*.cer;*.crt;*.der|All Files (*.*)|*.*|| Request Files (*.req; *.txt; *.cmc; *.der)|*.req;*.txt;*.cmc;*.der|Certificate Files(*.cer; *.crt; *.der)|*.cer;*.crt;*.der|All Files (*.*)|*.*||
931Please enter a computer name. Please enter a computer name.
932Please make sure there is a running CA on the computer. Please make sure there is a running CA on the computer.
933There is no matched CA on the computer. This might be caused by the computer being offline. Please contact the system administrator or select a different CA. There is no matched CA on the computer. This might be caused by the computer being offline. Please contact the system administrator or select a different CA.
934Cannot ping the selected CA. Please make sure the CA is running. Cannot ping the selected CA. Please make sure the CA is running.
935Exchange Enrollment Agent (Offline request) Exchange Enrollment Agent (Offline request)
936Exchange User Exchange User
937Exchange Signature Only Exchange Signature Only
938There are no published CAs available. Please contact the system administrator or select a CA by name. There are no published CAs available. Please contact the system administrator or select a CA by name.
939Enrollment Agent (Computer) Enrollment Agent (Computer)
940Save Request File Save Request File
941CEP Encryption CEP Encryption
942Built Policy Built Policy
943Policy Element Policy Element
944Policy Statement Extension Policy Statement Extension
945Policy inf missing section or key Policy inf missing section or key
946Opened Policy inf Opened Policy inf
947Cannot open Policy inf Cannot open Policy inf
948Begin Begin
949End End
950Manage CA Manage CA
951Issue and Manage Certificates Issue and Manage Certificates
952Manage Audit Logs Manage Audit Logs
953Backup and Restore Backup and Restore
954Read Read
955Request Certificates Request Certificates
964Closed Policy inf Closed Policy inf
965Message Box Message Box
966The value for RenewalValidityPeriod is incorrect in unattended answer file. It should be one of the following: Years, Months, Weeks or Days (in English). The value for RenewalValidityPeriod is incorrect in unattended answer file. It should be one of the following: Years, Months, Weeks or Days (in English).
967Key Recovery Agent Key Recovery Agent
968CA Exchange CA Exchange
969970 Cross Certification Authority 970 Cross Certification Authority
971Domain Controller Authentication Domain Controller Authentication
972Directory Email Replication Directory Email Replication
974
You have configured this Web client to forward requests to an enterprise CA. If the CA is using the enterprise default policy module, this computer must have delegation enabled and use Kerberos authentication. To enable delegation, see 'Allow computer accounts to be trusted for delegation' help topic.

You have configured this Web client to forward requests to an enterprise CA. If the CA is using the enterprise default policy module, this computer must have delegation enabled and use Kerberos authentication. To enable delegation, see 'Allow computer accounts to be trusted for delegation' help topic.
976The Web client cannot be configured to forward requests to the selected CA. The Web client cannot be configured to forward requests to the selected CA.
977The value for the following key is incorrect in the INF file. It should be a boolean value (Yes/No/True/False/0/1). The value for the following key is incorrect in the INF file. It should be a boolean value (Yes/No/True/False/0/1).
978Workstation Authentication Workstation Authentication
979RAS and IAS Server RAS and IAS Server
980Low Assurance Low Assurance
981Medium Assurance Medium Assurance
982High Assurance High Assurance
983OCSP Response Signing OCSP Response Signing
984Kerberos Authentication Kerberos Authentication
1000Key recovery agent Key recovery agent
1001Directory e-mail replication Directory e-mail replication
1002Cross-certified certification authority Cross-certified certification authority
1003Certification authority (CA) Certification authority (CA)
1007Active Directory KRA Active Directory KRA
1008Active Directory AIA Active Directory AIA
1009Logged on user Logged on user
1010Local system Local system
1011username/password username/password
1012certificate certificate
1013windows integrated windows integrated
1014anonymous anonymous
1015unknown unknown
1016credential is private credential is private
2000Bytes Bytes
2001%ws already in DS store. %ws already in DS store.
2002Certificate Certificate
2003Subject Key Id (%ws): Subject Key Id (%ws):
2004precomputed precomputed
2005Cannot open Cert store. Cannot open Cert store.
2006Cannot open existing Cert store. Use %ws option to force Cert store creation. Cannot open existing Cert store. Use %ws option to force Cert store creation.
2007CertificateStoreName CertIdList [PropertyInfFile | SDDLSecurityDescriptor] CertificateStoreName CertIdList [PropertyInfFile | SDDLSecurityDescriptor]
2008Repair key association or update certificate properties or key security descriptor Repair key association or update certificate properties or key security descriptor
2009%d bit key %d bit key
2010Delete registry value Delete registry value
2011Cannot verify detached signature Cannot verify detached signature
2012[CertificateStoreName] CertId PFXFile [Modifiers] [CertificateStoreName] CertId PFXFile [Modifiers]
2013Export certificate and private key Export certificate and private key
2014[CertificateStoreName] PFXFile [Modifiers] [CertificateStoreName] PFXFile [Modifiers]
2015Import certificate and private key Import certificate and private key
2016[Template] [Template]
2017Display DS Template Attributes Display DS Template Attributes
2018TemplateInfFile TemplateInfFile
2019Add DS Templates Add DS Templates
2020Created DS Template Created DS Template
2021Updated DS Template Updated DS Template
2022%ws: -%ws command completed successfully. %ws: -%ws command completed successfully.
2023The %ws service may need to be restarted for changes to take effect. The %ws service may need to be restarted for changes to take effect.
2025Display Enrollment Policy templates Display Enrollment Policy templates
2026Template Template
2027Display CAs for template Display CAs for template
2029Display templates for CA Display templates for CA
2030Display user templates Display user templates
2031Display machine templates Display machine templates
2032Template Extensions: Template Extensions:
2033Enter new password for output file %ws: Enter new password for output file %ws:
2034Enter password for %ws: Enter password for %ws:
2035Encode text without CR characters Encode text without CR characters
2036InFile OutFile [type] InFile OutFile [type]
2037Encode file in hexadecimal Encode file in hexadecimal
2038Embedded ASN.1 Element: Embedded ASN.1 Element:
2039Split embedded ASN.1 elements, and save to files Split embedded ASN.1 elements, and save to files
2040Use local machine Enterprise registry certificate store Use local machine Enterprise registry certificate store
2041No root certificates found. No root certificates found.
2042Invalidity Date Invalidity Date
2043Querying %ws Querying %ws
2044Role Separation Role Separation
2045Verified Issuance Policies Verified Issuance Policies
2046Verified Application Policies Verified Application Policies
2047[URL | %1 | %2 [%3]] [URL | %1 | %2 [%3]]
2048Display or delete URL cache entries Display or delete URL cache entries
2049KRA cert count KRA cert count
2050KRA cert used count KRA cert used count
2051KRA cert KRA cert
2052Invalid ObjectId or Algorithm Invalid ObjectId or Algorithm
2053PKCS7/CMS Message: PKCS7/CMS Message:
2054No display names No display names
2055Type mismatch Type mismatch
2056Localized name Localized name
2057CSP Provider Info CSP Provider Info
2058InFileList|SerialNumber|%1 OutFileList [StartDate[+|-%9]+|-%9] [+SerialNumberList | -SerialNumberList | -ObjectIdList | @ExtensionFile]
InFileList|SerialNumber|%1 OutFileList [#HashAlgorithm] [+%6 | -%6]
InFileList OutFileList [%10] [%11hex data]
InFileList|SerialNumber|%1 OutFileList [StartDate[+|-%9]+|-%9] [+SerialNumberList | -SerialNumberList | -ObjectIdList | @ExtensionFile]
InFileList|SerialNumber|%1 OutFileList [#HashAlgorithm] [+%6 | -%6]
InFileList OutFileList [%10] [%11hex data]
2059Re-sign CRL or certificate Re-sign CRL or certificate
2060Signing certificate Subject Signing certificate Subject
2061RowId | Date [%1 | %2 | %3 | %4 | %5] RowId | Date [%1 | %2 | %3 | %4 | %5]
2062Delete server database row Delete server database row
2063Rows deleted: %u Rows deleted: %u
2064One of the following tables must be specified when deleting rows older than %ws: One of the following tables must be specified when deleting rows older than %ws:
2065The date specified is in the future: %ws The date specified is in the future: %ws
2066CRL Hash(%ws): CRL Hash(%ws):
2067Include CRLs Include CRLs
2068Full Response Full Response
2069CA cert chain with CRLs CA cert chain with CRLs
2070CA exchange cert chain with CRLs CA exchange cert chain with CRLs
2071Pulse autoenrollment event or NGC task Pulse autoenrollment event or NGC task
2072DomainName\MachineName$ DomainName\MachineName$
2073Display Active Directory machine object information Display Active Directory machine object information
2074Machine object missing %ws attribute. Machine object missing %ws attribute.
2075Group Memberships: Group Memberships:
2076[Domain] [%1 | %2 | %3] [Domain] [%1 | %2 | %3]
2077Display domain controller information Display domain controller information
2078Enterprise Root store: %ws Enterprise Root store: %ws
2079KDC certificates: %ws KDC certificates: %ws
2080DC UNAVAILABLE: %ws DC UNAVAILABLE: %ws
2081*** Testing DC[%u]: %ws *** Testing DC[%u]: %ws
2082** Enterprise Root Certificates for DC %ws ** Enterprise Root Certificates for DC %ws
2083** KDC Certificates for DC %ws ** KDC Certificates for DC %ws
2084Unknown Property Unknown Property
2086Public Key Length: %u bits Public Key Length: %u bits
2087Advanced Server Advanced Server
2088CRL Publish Status CRL Publish Status
2089Delta CRL Publish Status Delta CRL Publish Status
2090Templates Templates
2091Parameter = %x Parameter = %x
2092Parameter Flags = %x Parameter Flags = %x
2093Archived! Archived!
2095Display enterprise information Display enterprise information
2096Display CA information Display CA information
2097DSS Key Length: %u bits DSS Key Length: %u bits
2098================ CTL %d ================ ================ CTL %d ================
2099Client Id: Client Id:
2100User: User:
2101Machine: Machine:
2102Certificate Trust List: Certificate Trust List:
2103List Identifier: List Identifier:
2104Sequence Number: Sequence Number:
2105Subject Algorithm: Subject Algorithm:
2106CTL Entries: CTL Entries:
2107Usage Entries: Usage Entries:
2108Subject Identifier%ws: Subject Identifier%ws:
2109View Certificate Store View Certificate Store
2110Select Certificate Select Certificate
2111Select Certificate to Delete Select Certificate to Delete
2112Saved certificate %ws Saved certificate %ws
2113Deleted certificate %ws Deleted certificate %ws
2114Enroll-on-Behalf-of Enroll-on-Behalf-of
2115[ReaderName [%1]] [ReaderName [%1]]
2116Display smart card information Display smart card information
2117Service is paused. Service is paused.
2118Service is stopped. Service is stopped.
2119Service is in an unknown state. Service is in an unknown state.
2120The Microsoft Smart Card Resource Manager is running. The Microsoft Smart Card Resource Manager is running.
2121The Microsoft Smart Card Resource Manager is not running. The Microsoft Smart Card Resource Manager is not running.
2122Found AT_SIGNATURE key but no AT_KEYEXCHANGE key Found AT_SIGNATURE key but no AT_KEYEXCHANGE key
2123Server could not be reached: %ws Server could not be reached: %ws
2124Select Decryption Certificate Select Decryption Certificate
2125Foreign Cert Foreign Cert
2126KRA Cert KRA Cert
2127UPN: UPN:
2128Subject Unmodified Subject Unmodified
2129Publish Error Publish Error
2130NULL signature verifies NULL signature verifies
2131Source Url Name: Source Url Name:
2132Local File Name: Local File Name:
2133Use Count: %d Use Count: %d
2134Hit Rate: %d Hit Rate: %d
2135File Size: %d File Size: %d
2136Last Modified Time: Last Modified Time:
2137Expire Time: Expire Time:
2138Last Access Time: Last Access Time:
2139Last Sync Time: Last Sync Time:
2140Error: Check machine name. Should be domain\computer$ Error: Check machine name. Should be domain\computer$
2141%ws is missing trailing $, correct? %ws is missing trailing $, correct?
2142Issuer Domain Policy = Issuer Domain Policy =
2143Subject Domain Policy = Subject Domain Policy =
2144Map[%u]: Map[%u]:
2145Cert Type not DC: %ws Cert Type not DC: %ws
2146Cert Usage missing %ws Cert Usage missing %ws
2147Deleted KDC certificate! Deleted KDC certificate!
2148CertDeleteCertificateFromStore failed! - %x CertDeleteCertificateFromStore failed! - %x
2149%u KDC certificates for %ws %u KDC certificates for %ws
2150No KDC Certificate in MY store No KDC Certificate in MY store
2151No certificates in Enterprise Root store! No certificates in Enterprise Root store!
2152CertOpenStore on remote My store failed! - %x CertOpenStore on remote My store failed! - %x
2153Error Getting Archived Prop bit! - %x Error Getting Archived Prop bit! - %x
2154++ Archived Certificate ++ ++ Archived Certificate ++
2155No Autoenrolled Certificates in MY store!!! No Autoenrolled Certificates in MY store!!!
2156CertOpenStore on remote ent store failed! %x CertOpenStore on remote ent store failed! %x
2157No Autoenrollment Objects!!! No Autoenrollment Objects!!!
2158No Access! No Access!
2159Retrieve and verify AIA Certs and CDP CRLs Retrieve and verify AIA Certs and CDP CRLs
2160Defaults to Request and Certificate table
%1 -- Extension table
%2 -- Attribute table
%3 -- CRL table
Defaults to Request and Certificate table
%1 -- Extension table
%2 -- Attribute table
%3 -- CRL table
2161CA Registry Validity Period: %ws %ws CA Registry Validity Period: %ws %ws
2162Supported Certificate Templates: Supported Certificate Templates:
2163No supported Certificate Templates:: No supported Certificate Templates::
2164CA Name property fetching failed! %x CA Name property fetching failed! %x
2165CA Name: %ws CA Name: %ws
2166DNS Name property fetching failed! %x DNS Name property fetching failed! %x
2167Machine Name: %ws Machine Name: %ws
2168DS Location: %ws DS Location: %ws
2169Cert DN property fetching failed! %x Cert DN property fetching failed! %x
2170Cert DN: %ws Cert DN: %ws
2171Sig Alg property fetching failed! %x Sig Alg property fetching failed! %x
2172Supported signature algs: %ws Supported signature algs: %ws
2173No signature algs on DS! No signature algs on DS!
2174No Certificate types for this CA No Certificate types for this CA
2175No certificate type returned, although one exists! No certificate type returned, although one exists!
2176No CA's listed in the domain. The configuration might be stored in the root domain. Use the -dc option to target your root domain controller for the information. No CA's listed in the domain. The configuration might be stored in the root domain. Use the -dc option to target your root domain controller for the information.
2177Cannot access DFS share Cannot access DFS share
2178DFS Data is accessible DFS Data is accessible
2179No entries found in Ping Search! No entries found in Ping Search!
2180No DSPath for Policy [non-fatal] No DSPath for Policy [non-fatal]
2181RegQueryValue (DSPATH) failed! %x RegQueryValue (DSPATH) failed! %x
2182No FileSysPath for Policy [non-fatal] No FileSysPath for Policy [non-fatal]
2183Done. Done.
2184ldap search (%ws) found 0 items! ldap search (%ws) found 0 items!
2185=========== Root Certs in policy ================= =========== Root Certs in policy =================
2186Certificate %u: Certificate %u:
2187No Root Certificates in Policy on this machine No Root Certificates in Policy on this machine
2188Check event log for UserEnv errors! Check event log for UserEnv errors!
2189==== Policies Processed for MACHINE === ==== Policies Processed for MACHINE ===
2190==== Policies Processed for USER === ==== Policies Processed for USER ===
2191Possibly No Policies applied. See Event Log for Userenv errors! Possibly No Policies applied. See Event Log for Userenv errors!
2192Target a specific Domain Controller Target a specific Domain Controller
2193DCName DCName
2194Display Name: Display Name:
2195Computer Name: %ws Computer Name: %ws
2196User Name: %ws User Name: %ws
2197bad option bad option
2198++++++++ MACHINE: %ws ++++++++ ++++++++ MACHINE: %ws ++++++++
2199### Key: ### Key:
2200GPO Name: %ws GPO Name: %ws
2201Signature matches request Public Key Signature matches request Public Key
2202ColumnList ColumnList
2203Comma separated Column List Comma separated Column List
2204RestrictionList RestrictionList
2205Comma separated Restriction List Comma separated Restriction List
2206Machine\CAName Machine\CAName
2207CA and Machine name string CA and Machine name string
2208Display a verb list (command list) Display a verb list (command list)
2209Display help text for the "%ws" verb Display help text for the "%ws" verb
2210Display all help text for all verbs Display all help text for all verbs
2211Imported foreign certificate Imported foreign certificate
2212Imported certificate Imported certificate
2213Certificate already imported Certificate already imported
2214Archived key updated Archived key updated
2215Archived key Archived key
2216Key already archived Key already archived
2217Ignored signing certificate Ignored signing certificate
2218Users Users
2219Ignored signature certificates Ignored signature certificates
2220Certificates with keys Certificates with keys
2221Foreign certificates imported Foreign certificates imported
2222Certificates already imported Certificates already imported
2223Certificates imported Certificates imported
2224Certificates not imported Certificates not imported
2225Keys Keys
2226Keys already archived Keys already archived
2227Keys updated Keys updated
2228Keys archived Keys archived
2229Keys not archived Keys not archived
2230Merge PFX files Merge PFX files
2231PFXInFileList PFXOutFile [Modifiers] PFXInFileList PFXOutFile [Modifiers]
2232Online Online
2233OFFLINE OFFLINE
2234Previous CA Cert Hash Previous CA Cert Hash
2235Message Digest Message Digest
2236Archived Key Cert Hash Archived Key Cert Hash
2237Issued Cert Hash Issued Cert Hash
2238Encrypted Key Hash Encrypted Key Hash
2239CRL Number CRL Number
2240Minimum Base CRL Number Minimum Base CRL Number
2241Virtual Base CRL Number Virtual Base CRL Number
2242CRL Next Publish CRL Next Publish
2243Signing Time Signing Time
2244Delta CRL CDP Delta CRL CDP
2245CRL Self CDP CRL Self CDP
2246Application Policies Application Policies
2247Application Policy Mappings Application Policy Mappings
2248Application Policy Constraints Application Policy Constraints
2249Policy Mappings Policy Mappings
2250Policy Constraints Policy Constraints
2251Counter Signature Counter Signature
2252%u Machine certificates (%u archived) %u Machine certificates (%u archived)
2253for %ws for %ws
2254V1 Autoenrollment Objects: V1 Autoenrollment Objects:
2255Skipping CSP at index %u Skipping CSP at index %u
2256Provider Name: Provider Name:
2257Provider Type: Provider Type:
2258Private key verifies Private key verifies
2259Processing KMS exports from: Processing KMS exports from:
2261Encrypted key: Encrypted key:
2262Decrypted key: Decrypted key:
2263Failed to import symmetric key Failed to import symmetric key
2264Lock box opened, symmetric key successfully decrypted Lock box opened, symmetric key successfully decrypted
2265Moved AT_SIGNATURE key to AT_KEYEXCHANGE Moved AT_SIGNATURE key to AT_KEYEXCHANGE
2266Validated Cert Types Validated Cert Types
2267Cert Type Cert Type
2268==== %u CAs on %ws Domain ==== ==== %u CAs on %ws Domain ====
2269CACountCAs inconsistent with CAEnumNextCA CACountCAs inconsistent with CAEnumNextCA
2270Cached LDAP DC Cached LDAP DC
2271Current reader/card status: Current reader/card status:
2272SCardEstablishContext failed for user scope. SCardEstablishContext failed for user scope.
2273A list of smart card readers cannot be determined. A list of smart card readers cannot be determined.
2274SCardListReaders failed for SCARD_ALL_READERS SCardListReaders failed for SCARD_ALL_READERS
2275No smart card readers are currently available. No smart card readers are currently available.
2276A list of smart card readers could not be determined. A list of smart card readers could not be determined.
2277Readers: Readers:
2278--- Reader: --- Reader:
2279--- Status: --- Status:
2280No card. No card.
2281The card is unrecognized or not responding. The card is unrecognized or not responding.
2282Card is in use exclusively by another process. Card is in use exclusively by another process.
2283The card is being shared by a process. The card is being shared by a process.
2284The card is available for use. The card is available for use.
2285Card/Reader not responding. Card/Reader not responding.
2286--- Card: --- Card:
2287Unknown Card. Unknown Card.
2288Performing %ws public key matching test... Performing %ws public key matching test...
2289%ws succeeded but returned zero size %ws succeeded but returned zero size
2290Public key from KeyProvInfo container: Public key from KeyProvInfo container:
2291Public key from Cert: Public key from Cert:
2292Public key matching test succeeded Public key matching test succeeded
2293Chain on smart card is invalid Chain on smart card is invalid
2294Chain validates Chain validates
2295No %ws key for reader: No %ws key for reader:
2296Cannot open the %ws key for reader: Cannot open the %ws key for reader:
2297No %ws cert retrieved for reader: No %ws cert retrieved for reader:
2298Performing cert chain verification... Performing cert chain verification...
2299Displayed %ws cert for reader: Displayed %ws cert for reader:
2300Analyzing card in reader: Analyzing card in reader:
2301Cannot retrieve Provider Name for %ws Cannot retrieve Provider Name for %ws
2302%1 -- Failed and pending requests (submission date)
%2 -- Expired and revoked certificates (expiration date)
%3 -- Extension table
%4 -- Attribute table
%5 -- CRL table (expiration date)

To delete failed and pending requests submitted by January 22, 2001:
1/22/2001 %1
To delete all certificates that expired by January 22, 2001:
1/22/2001 %2
To delete the certificate row, attributes and extensions for RequestId 37:
37
To delete CRLs that expired by January 22, 2001:
1/22/2001 %5
%1 -- Failed and pending requests (submission date)
%2 -- Expired and revoked certificates (expiration date)
%3 -- Extension table
%4 -- Attribute table
%5 -- CRL table (expiration date)

To delete failed and pending requests submitted by January 22, 2001:
1/22/2001 %1
To delete all certificates that expired by January 22, 2001:
1/22/2001 %2
To delete the certificate row, attributes and extensions for RequestId 37:
37
To delete CRLs that expired by January 22, 2001:
1/22/2001 %5
2303All All
2305Select Certificate or CRL Select Certificate or CRL
2306Certificate Files|*.cer;*.crt|CRL Files|*.crl|| Certificate Files|*.cer;*.crt|CRL Files|*.crl||
2307cer cer
2308Convert PFX files to EPF file Convert PFX files to EPF file
2309PFXInFileList EPFOutFile [%1 | %2] [V3CACertId][,Salt] PFXInFileList EPFOutFile [%1 | %2] [V3CACertId][,Salt]
2310ERROR: Could not find a matching user or computer in Active Directory. ERROR: Could not find a matching user or computer in Active Directory.
2311KMS CA Certificate List KMS CA Certificate List
2312Select KMS CA certificate Select KMS CA certificate
2313RequestId -- numeric Request Id of a pending request
ExtensionName -- ObjectId string of the extension
Flags -- 0 is recommended. 1 makes the extension critical,
2 disables it, 3 does both.
If the last parameter is numeric, it is taken as a Long.
If it can be parsed as a date, it is taken as a Date.
If it starts with '@', the rest of the token is the filename containing binary data or an ascii-text hex dump.
Anything else is taken as a String.
RequestId -- numeric Request Id of a pending request
ExtensionName -- ObjectId string of the extension
Flags -- 0 is recommended. 1 makes the extension critical,
2 disables it, 3 does both.
If the last parameter is numeric, it is taken as a Long.
If it can be parsed as a date, it is taken as a Date.
If it starts with '@', the rest of the token is the filename containing binary data or an ascii-text hex dump.
Anything else is taken as a String.
2314InFileList -- comma separated list of Certificate or CRL files to modify
and re-sign
SerialNumber -- Serial number of certificate to create
Validity period and other options must not be present
%1 -- Create an empty CRL
Validity period and other options must not be present
OutFileList -- comma separated list of modified Certificate or CRL output
files. The number of files must match InFileList.
StartDate[+|-%9]+|-%9 -- new validity period: optional date plus
optional days and hours start date offset and optional
days and hours validity period
If multiple fields are used, use a (+) or (-) separator
Use "%7[+%9]" to start at the current time
Use "%7-%9+%9" to start at a fixed offset from the current
time and a fixed validity period
Use "%8" to have no expiration date (for CRLs only)
SerialNumberList -- comma separated serial number list to add or remove
ObjectIdList -- comma separated extension ObjectId list to remove
@ExtensionFile -- INF file containing extensions to update or remove:
%2
%3 Remove CRL Distribution Points extension
%4 Update Key Usage extension
%5
HashAlgorithm -- Name of the hash algorithm preceded by a # sign
%6 -- alternate Signature algorithm specifier


A minus sign causes serial numbers and extensions to be removed.
A plus sign causes serial numbers to be added to a CRL.
When removing items from a CRL, the list may contain both serial numbers
and ObjectIds.
A minus sign before %6 causes the legacy signature format to be used.
A plus sign before %6 causes the alternature signature format to be used.
If %6 is not specifed then the signature format in the certificate or CRL is used.
InFileList -- comma separated list of Certificate or CRL files to modify
and re-sign
SerialNumber -- Serial number of certificate to create
Validity period and other options must not be present
%1 -- Create an empty CRL
Validity period and other options must not be present
OutFileList -- comma separated list of modified Certificate or CRL output
files. The number of files must match InFileList.
StartDate[+|-%9]+|-%9 -- new validity period: optional date plus
optional days and hours start date offset and optional
days and hours validity period
If multiple fields are used, use a (+) or (-) separator
Use "%7[+%9]" to start at the current time
Use "%7-%9+%9" to start at a fixed offset from the current
time and a fixed validity period
Use "%8" to have no expiration date (for CRLs only)
SerialNumberList -- comma separated serial number list to add or remove
ObjectIdList -- comma separated extension ObjectId list to remove
@ExtensionFile -- INF file containing extensions to update or remove:
%2
%3 Remove CRL Distribution Points extension
%4 Update Key Usage extension
%5
HashAlgorithm -- Name of the hash algorithm preceded by a # sign
%6 -- alternate Signature algorithm specifier


A minus sign causes serial numbers and extensions to be removed.
A plus sign causes serial numbers to be added to a CRL.
When removing items from a CRL, the list may contain both serial numbers
and ObjectIds.
A minus sign before %6 causes the legacy signature format to be used.
A plus sign before %6 causes the alternature signature format to be used.
If %6 is not specifed then the signature format in the certificate or CRL is used.
2315InfoName -- indicates the CA property to display (see below)
Use "*" for all properties
Index -- optional zero-based property index
ErrorCode -- numeric error code
InfoName -- indicates the CA property to display (see below)
Use "*" for all properties
Index -- optional zero-based property index
ErrorCode -- numeric error code
2316%1 -- Use CA's registry key
%2 -- Use CA's restore registry key
%3 -- Use policy module's registry key
%4 -- Use first exit module's registry key
%5 -- Use template registry key (use -user for user templates)
%6 -- Use enrollment registry key (use -user for user context)
%7 -- Use chain configuration registry key
%8 -- Use Policy Servers registry key
%9 -- Use policy or exit module's ProgId (registry subkey name)

RegistryValueName -- registry value name (use "Name*" to prefix match)
Value -- new numeric, string or date registry value or filename.
If a numeric value starts with "+" or "-", the bits specified
in the new value are set or cleared in the existing registry value.

If a string value starts with "+" or "-", and the existing value
is a REG_MULTI_SZ value, the string is added to or removed from
the existing registry value.
To force creation of a REG_MULTI_SZ value, add a "
" to the end
of the string value.

If the value starts with "@", the rest of the value is the name
of the file containing the hexadecimal text representation
of a binary value.
If it does not refer to a valid file, it is instead parsed as
[Date][+|-][%11] -- an optional date plus or minus optional
days and hours.
If both are specified, use a plus sign (+) or minus sign (-) separator.
Use "%10+%11" for a date relative to the current time.
Use "%13" as a suffix to create a REG_QWORD value.

Use "%7\%12 @%10" to effectively flush cached CRLs.
%1 -- Use CA's registry key
%2 -- Use CA's restore registry key
%3 -- Use policy module's registry key
%4 -- Use first exit module's registry key
%5 -- Use template registry key (use -user for user templates)
%6 -- Use enrollment registry key (use -user for user context)
%7 -- Use chain configuration registry key
%8 -- Use Policy Servers registry key
%9 -- Use policy or exit module's ProgId (registry subkey name)

RegistryValueName -- registry value name (use "Name*" to prefix match)
Value -- new numeric, string or date registry value or filename.
If a numeric value starts with "+" or "-", the bits specified
in the new value are set or cleared in the existing registry value.

If a string value starts with "+" or "-", and the existing value
is a REG_MULTI_SZ value, the string is added to or removed from
the existing registry value.
To force creation of a REG_MULTI_SZ value, add a "
" to the end
of the string value.

If the value starts with "@", the rest of the value is the name
of the file containing the hexadecimal text representation
of a binary value.
If it does not refer to a valid file, it is instead parsed as
[Date][+|-][%11] -- an optional date plus or minus optional
days and hours.
If both are specified, use a plus sign (+) or minus sign (-) separator.
Use "%10+%11" for a date relative to the current time.
Use "%13" as a suffix to create a REG_QWORD value.

Use "%7\%12 @%10" to effectively flush cached CRLs.
2317%3 -- new CRL validity period in days and hours
%1 -- republish most recent CRLs
%2 -- delta CRLs only (default is base and delta CRLs)
%3 -- new CRL validity period in days and hours
%1 -- republish most recent CRLs
%2 -- delta CRLs only (default is base and delta CRLs)
2318Index -- CRL index or key index (defaults to CRL for newest key)
%1 -- delta CRL (default is base CRL)
Index -- CRL index or key index (defaults to CRL for newest key)
%1 -- delta CRL (default is base CRL)
2319CertFile -- Certificate to verify
ApplicationPolicyList -- optional comma separated list of required
Application Policy ObjectIds
IssuancePolicyList -- optional comma separated list of required Issuance
Policy ObjectIds

CACertFile -- optional issuing CA certificate to verify against
CrossedCACertFile -- optional certificate cross-certified by CertFile

CRLFile -- CRL to verify
IssuedCertFile -- optional issued certificate covered by CRLFile
DeltaCRLFile -- optional delta CRL

If ApplicationPolicyList is specified, chain building is restricted to
chains valid for the specified Application Policies.
If IssuancePolicyList is specified, chain building is restricted to chains
valid for the specified Issuance Policies.

If CACertFile is specified, fields in CACertFile are verified against
CertFile or CRLFile.
If CACertFile is not specified, CertFile is used to build and verify a full
chain.
If CACertFile and CrossedCACertFile are both specified, fields in
CACertFile and CrossedCACertFile are verified against CertFile.

If IssuedCertFile is specified, fields in IssuedCertFile are verified
against CRLFile.
If DeltaCRLFile is specified, fields in DeltaCRLFile are verified against
CRLFile.
CertFile -- Certificate to verify
ApplicationPolicyList -- optional comma separated list of required
Application Policy ObjectIds
IssuancePolicyList -- optional comma separated list of required Issuance
Policy ObjectIds

CACertFile -- optional issuing CA certificate to verify against
CrossedCACertFile -- optional certificate cross-certified by CertFile

CRLFile -- CRL to verify
IssuedCertFile -- optional issued certificate covered by CRLFile
DeltaCRLFile -- optional delta CRL

If ApplicationPolicyList is specified, chain building is restricted to
chains valid for the specified Application Policies.
If IssuancePolicyList is specified, chain building is restricted to chains
valid for the specified Issuance Policies.

If CACertFile is specified, fields in CACertFile are verified against
CertFile or CRLFile.
If CACertFile is not specified, CertFile is used to build and verify a full
chain.
If CACertFile and CrossedCACertFile are both specified, fields in
CACertFile and CrossedCACertFile are verified against CertFile.

If IssuedCertFile is specified, fields in IssuedCertFile are verified
against CRLFile.
If DeltaCRLFile is specified, fields in DeltaCRLFile are verified against
CRLFile.
2320KeyContainerName -- key container name of the key to verify
Defaults to machine keys. Use -user for user keys
CACertFile -- signing or encryption certificate file
If no arguments are specified, each signing CA cert is verified against its
private key.
This operation can only be performed against a local CA or local keys.
KeyContainerName -- key container name of the key to verify
Defaults to machine keys. Use -user for user keys
CACertFile -- signing or encryption certificate file
If no arguments are specified, each signing CA cert is verified against its
private key.
This operation can only be performed against a local CA or local keys.
2321CertificateStoreName -- Certificate store name. Examples:
"%1", "%2" (default), "%3",

"%10" (View Root Certificates)

"%11" (Modify Root Certificates)

"%12" (View CRLs)

"%13" (Enterprise CA Certificates)
%16 (AD machine object certificates)
%5 %16 (AD user object certificates)

CertId -- Certificate or CRL match token. This can be a serial number,
an SHA-1 certificate, CRL, CTL or public key hash,
a numeric cert index (0, 1, etc.),
a numeric CRL index (.0, .1, etc.),
a numeric CTL index (..0, ..1, etc.),
a public key, signature or extension ObjectId,
a certificate subject Common Name,
an e-mail address, UPN or DNS name,
a key container name or CSP name,
a template name or ObjectId,
an EKU or Application Policies ObjectId,
or a CRL issuer Common Name.
Many of the above may result in multiple matches.
OutputFile -- file to save matching cert
Use %5 to access a user store instead of a machine store.
Use %4 to access a machine enterprise store.
Use %14 to access a machine service store.
Use %15 to access a machine group policy store.

Examples:
%6
%7
%8
%9
CertificateStoreName -- Certificate store name. Examples:
"%1", "%2" (default), "%3",

"%10" (View Root Certificates)

"%11" (Modify Root Certificates)

"%12" (View CRLs)

"%13" (Enterprise CA Certificates)
%16 (AD machine object certificates)
%5 %16 (AD user object certificates)

CertId -- Certificate or CRL match token. This can be a serial number,
an SHA-1 certificate, CRL, CTL or public key hash,
a numeric cert index (0, 1, etc.),
a numeric CRL index (.0, .1, etc.),
a numeric CTL index (..0, ..1, etc.),
a public key, signature or extension ObjectId,
a certificate subject Common Name,
an e-mail address, UPN or DNS name,
a key container name or CSP name,
a template name or ObjectId,
an EKU or Application Policies ObjectId,
or a CRL issuer Common Name.
Many of the above may result in multiple matches.
OutputFile -- file to save matching cert
Use %5 to access a user store instead of a machine store.
Use %4 to access a machine enterprise store.
Use %14 to access a machine service store.
Use %15 to access a machine group policy store.

Examples:
%6
%7
%8
%9
2322CertificateStoreName -- Certificate store name. See -store.
InFile -- Certificate or CRL file to add to store.
CertificateStoreName -- Certificate store name. See -store.
InFile -- Certificate or CRL file to add to store.
2323CertificateStoreName -- Certificate store name. See -store.
CertId -- Certificate or CRL match token. See -store.
CertificateStoreName -- Certificate store name. See -store.
CertId -- Certificate or CRL match token. See -store.
2324BackupDirectory -- directory to store backed up data
%1 -- perform incremental backup only (default is full backup)
%2 -- preserve database log files (default is to truncate log files)
BackupDirectory -- directory to store backed up data
%1 -- perform incremental backup only (default is full backup)
%2 -- preserve database log files (default is to truncate log files)
2325BackupDirectory -- directory to store backed up database files
%1 -- perform incremental backup only (default is full backup)
%2 -- preserve database log files (default is to truncate log files)
BackupDirectory -- directory to store backed up database files
%1 -- perform incremental backup only (default is full backup)
%2 -- preserve database log files (default is to truncate log files)
2326BackupDirectory -- directory to store backed up PFX file BackupDirectory -- directory to store backed up PFX file
2327BackupDirectory -- directory containing data to be restored BackupDirectory -- directory containing data to be restored
2328BackupDirectory -- directory containing database files to be restored BackupDirectory -- directory containing database files to be restored
2329BackupDirectory -- directory containing PFX file to be restored
PFXFile -- PFX file to be restored
BackupDirectory -- directory containing PFX file to be restored
PFXFile -- PFX file to be restored
2330CertificateStoreName -- Certificate store name. See -store.
CertId -- Certificate or CRL match token. See -store.
PFXFile -- exported PFX data output file
Modifiers -- Comma separated list of one or more of the following:
%5 -- Do not export the certificate chain
%6 -- Do not export the root certificate
%9 -- Include extended properties
%10 -- Do not encrypt the certificates
%11 -- Encrypt the certificates
%12 -- Export Parameters
Defaults to personal machine store.
CertificateStoreName -- Certificate store name. See -store.
CertId -- Certificate or CRL match token. See -store.
PFXFile -- exported PFX data output file
Modifiers -- Comma separated list of one or more of the following:
%5 -- Do not export the certificate chain
%6 -- Do not export the root certificate
%9 -- Include extended properties
%10 -- Do not encrypt the certificates
%11 -- Encrypt the certificates
%12 -- Export Parameters
Defaults to personal machine store.
2331CertificateStoreName -- Certificate store name. See -store.
PFXFile -- PFX file to be imported
Modifiers -- Comma separated list of one or more of the following:
%1 -- Change the KeySpec to Signature
%2 -- Change the KeySpec to Key Exchange
%3 -- Make the private key non-exportable
%4 -- Do not import the certificate
%5 -- Do not import the certificate chain
%6 -- Do not import the root certificate
%7 -- Protect keys with password
%8 -- Do not password protect keys
Defaults to personal machine store.
CertificateStoreName -- Certificate store name. See -store.
PFXFile -- PFX file to be imported
Modifiers -- Comma separated list of one or more of the following:
%1 -- Change the KeySpec to Signature
%2 -- Change the KeySpec to Key Exchange
%3 -- Make the private key non-exportable
%4 -- Do not import the certificate
%5 -- Do not import the certificate chain
%6 -- Do not import the root certificate
%7 -- Protect keys with password
%8 -- Do not password protect keys
Defaults to personal machine store.
2332UserKeyAndCertFile -- Data file containing user private keys and
certificates to be archived. This can be any of the following:
Exchange Key Management Server (KMS) export file
PFX file
CertId -- KMS export file decryption certificate match token. See -store.
Use %1 to import certificates not issued by the CA.
UserKeyAndCertFile -- Data file containing user private keys and
certificates to be archived. This can be any of the following:
Exchange Key Management Server (KMS) export file
PFX file
CertId -- KMS export file decryption certificate match token. See -store.
Use %1 to import certificates not issued by the CA.
2333PFXInFileList -- Comma separated PFX input file list
PFXOutFile -- PFX output file
Modifiers -- Comma separated list of one or more of the following:
%9 -- Include extended properties
%10 -- Do not encrypt the certificates
%11 -- Encrypt the certificates
The password specified on the command line is a comma separated password
list. If more than one password is specified, the last password is used
for the output file. If only one password is provided or if the last
password is "*", the user will be prompted for the output file password.
PFXInFileList -- Comma separated PFX input file list
PFXOutFile -- PFX output file
Modifiers -- Comma separated list of one or more of the following:
%9 -- Include extended properties
%10 -- Do not encrypt the certificates
%11 -- Encrypt the certificates
The password specified on the command line is a comma separated password
list. If more than one password is specified, the last password is used
for the output file. If only one password is provided or if the last
password is "*", the user will be prompted for the output file password.
2334PFXInFileList -- Comma separated PFX input file list
EPF -- EPF output file
%1 -- Use CAST 64 encryption
%2 -- Use CAST 64 encryption (export)
V3CACertId -- V3 CA Certificate match token. See -store CertId description.
Salt -- EPF output file salt string
The password specified on the command line is a comma separated password
list. If more than one password is specified, the last password is used
for the output file. If only one password is provided or if the last
password is "*", the user will be prompted for the output file password.
PFXInFileList -- Comma separated PFX input file list
EPF -- EPF output file
%1 -- Use CAST 64 encryption
%2 -- Use CAST 64 encryption (export)
V3CACertId -- V3 CA Certificate match token. See -store CertId description.
Salt -- EPF output file salt string
The password specified on the command line is a comma separated password
list. If more than one password is specified, the last password is used
for the output file. If only one password is provided or if the last
password is "*", the user will be prompted for the output file password.
2335RequestId -- numeric Request Id of pending request
AttributeString -- Request Attribute name and value pairs
Names and values are colon separated.
Multiple name, value pairs are newline separated.
Example: "CertificateTemplate:User
EMail:[email protected]"
Each "
" sequence is converted to a newline separator.
RequestId -- numeric Request Id of pending request
AttributeString -- Request Attribute name and value pairs
Names and values are colon separated.
Multiple name, value pairs are newline separated.
Example: "CertificateTemplate:User
EMail:[email protected]"
Each "
" sequence is converted to a newline separator.
2336SerialNumber -- Comma separated list of certificate serial numbers to revoke
Reason -- numeric or symbolic revocation reason:
0: %1 -- Unspecified (default)
1: %2 -- Key Compromise
2: %3 -- CA Compromise
3: %4 -- Affiliation Changed
4: %5 -- Superseded
5: %6 -- Cessation of Operation
6: %7 -- Certificate Hold
8: %8 -- Remove From CRL
9: %9 -- Privilege Withdrawn
10: %10 -- AA Compromise
-1: %11 -- Unrevoke
SerialNumber -- Comma separated list of certificate serial numbers to revoke
Reason -- numeric or symbolic revocation reason:
0: %1 -- Unspecified (default)
1: %2 -- Key Compromise
2: %3 -- CA Compromise
3: %4 -- Affiliation Changed
4: %5 -- Superseded
5: %6 -- Cessation of Operation
6: %7 -- Certificate Hold
8: %8 -- Remove From CRL
9: %9 -- Privilege Withdrawn
10: %10 -- AA Compromise
-1: %11 -- Unrevoke
2337Use %1 to import the certificate in place of a pending request for the same key.
Use %2 to import certificates not issued by the CA.
The CA may also need to be configured to support foreign certificate import:
%3
Use %1 to import the certificate in place of a pending request for the same key.
Use %2 to import certificates not issued by the CA.
The CA may also need to be configured to support foreign certificate import:
%3
2338OutCACertFile -- output file
Index -- CA certificate renewal index (defaults to most recent)
OutCACertFile -- output file
Index -- CA certificate renewal index (defaults to most recent)
2339OutCACertChainFile -- output file
Index -- CA certificate renewal index (defaults to most recent)
OutCACertChainFile -- output file
Index -- CA certificate renewal index (defaults to most recent)
2340Use %2 to ignore an outstanding renewal request, and generate a new request. Use %2 to ignore an outstanding renewal request, and generate a new request.
2341Verify Certificate or CRL URLs Verify Certificate or CRL URLs
2342InFile | URL InFile | URL
2343Certificate "%ws" already in store. Certificate "%ws" already in store.
2344Certificate "%ws" added to store. Certificate "%ws" added to store.
2345CRL "%ws" already in store. CRL "%ws" already in store.
2346CRL "%ws" added to store. CRL "%ws" added to store.
2347CTL %ws already in store. CTL %ws already in store.
2348CTL %ws added to store. CTL %ws added to store.
2349KMS V1 CA Certificate List KMS V1 CA Certificate List
2350Select KMS V1 CA certificate Select KMS V1 CA certificate
2351Error message text Error message text
2352Error message text and error code Error message text and error code
2353Retrieving Retrieving
2354Success Success
2355Failed Failed
2356Verifying Verifying
2357Verify Failure Verify Failure
2358No URLs No URLs
2361Wrong Issuer Wrong Issuer
2363Revocation Check Failed Revocation Check Failed
2364No CRL No CRL
2365OK OK
2366CDP CDP
2367AIA AIA
2372Status Status
2373Type Type
2374Url Url
2375Retrieval Time Retrieval Time
2378GetObjectUrl GetObjectUrl
2379Certificate Subject Certificate Subject
2380Base CRL Issuer Base CRL Issuer
2381Delta CRL Issuer Delta CRL Issuer
2382No Selection No Selection
2383No Certificate Selected No Certificate Selected
2384Error Opening Certificate or CRL File Error Opening Certificate or CRL File
2386Error Information Error Information
2387Error retrieving URL: %ws Error retrieving URL: %ws
2388No URLs found: %ws No URLs found: %ws
2389Cannot find KMS CA certificate required to construct the EPF file.
Enroll a client in the same KMS and use Outlook to save the user keys
to an EPF file. Take the EPF file to the current machine and use certutil
to dump the EPF file. This will import the needed KMS CA certificates into
the local machine cert store, making them available to construct new EPF files.
Cannot find KMS CA certificate required to construct the EPF file.
Enroll a client in the same KMS and use Outlook to save the user keys
to an EPF file. Take the EPF file to the current machine and use certutil
to dump the EPF file. This will import the needed KMS CA certificates into
the local machine cert store, making them available to construct new EPF files.
2390%1 -- generate a script to retrieve and recover keys (default behavior
if multiple matching recovery candidates are found, or if the
output file is not specified).
%2 -- retrieve one or more Key Recovery Blobs (default behavior if
exactly one matching recovery candidate is found, and if the output
file is specified)
%3 -- retrieve and recover private keys in one step (requires Key
Recovery Agent certificates and private keys)
SearchToken -- Used to select the keys and certificates to be recovered.
Can be any of the following:
Certificate Common Name
Certificate Serial Number
Certificate SHA-1 hash (thumbprint)
Certificate KeyId SHA-1 hash (Subject Key Identifier)
Requester Name (domain\user)
UPN (user@domain)
RecoveryBlobOutFile -- output file containing a certificate chain and an
associated private key, still encrypted to one or more Key Recovery
Agent certificates.
OutputScriptFile -- output file containing a batch script to retrieve and
recover private keys.
OutputFileBaseName -- output file base name.
For %2, any extension is truncated and a certificate-specific
string and the %4 extension are appended for each key recovery
blob. Each file contains a certificate chain and an associated
private key, still encrypted to one or more Key Recovery Agent
certificates.
For %3, any extension is truncated and the %5 extension is
appended. Contains the recovered certificate chains and associated
private keys, stored as a PFX file.
%1 -- generate a script to retrieve and recover keys (default behavior
if multiple matching recovery candidates are found, or if the
output file is not specified).
%2 -- retrieve one or more Key Recovery Blobs (default behavior if
exactly one matching recovery candidate is found, and if the output
file is specified)
%3 -- retrieve and recover private keys in one step (requires Key
Recovery Agent certificates and private keys)
SearchToken -- Used to select the keys and certificates to be recovered.
Can be any of the following:
Certificate Common Name
Certificate Serial Number
Certificate SHA-1 hash (thumbprint)
Certificate KeyId SHA-1 hash (Subject Key Identifier)
Requester Name (domain\user)
UPN (user@domain)
RecoveryBlobOutFile -- output file containing a certificate chain and an
associated private key, still encrypted to one or more Key Recovery
Agent certificates.
OutputScriptFile -- output file containing a batch script to retrieve and
recover private keys.
OutputFileBaseName -- output file base name.
For %2, any extension is truncated and a certificate-specific
string and the %4 extension are appended for each key recovery
blob. Each file contains a certificate chain and an associated
private key, still encrypted to one or more Key Recovery Agent
certificates.
For %3, any extension is truncated and the %5 extension is
appended. Contains the recovered certificate chains and associated
private keys, stored as a PFX file.
2391%ws deleted from DS store. %ws deleted from DS store.
2392Forward cross cert Forward cross cert
2393Backward cross cert Backward cross cert
2397Not found Not found
2398Invalid Invalid
2399Untrusted Untrusted
2400Not loaded Not loaded
2401CA cross cert CA cross cert
2402System default Language Id: System default Language Id:
2403Version %u certificates and keys: Version %u certificates and keys:
2404Use old PFX encryption Use old PFX encryption
2405Certificate signature is valid Certificate signature is valid
2406Key usage count Key usage count
2408Not supported Not supported
2409CA cert version CA cert version
2410Enabled Active Server Pages (ASP) Enabled Active Server Pages (ASP)
2411Active Server Pages (ASP) already enabled Active Server Pages (ASP) already enabled
2412Error enabling Active Server Pages (ASP) Error enabling Active Server Pages (ASP)
2413MISSING! MISSING!
2414Sanitized CA short name (DS name) Sanitized CA short name (DS name)
2415WinINet Cache entries deleted: %u WinINet Cache entries deleted: %u
2416WinINet Cache entries: %u WinINet Cache entries: %u
2417Permitted Permitted
2418Excluded Excluded
2419IP Address IP Address
2420Mask Mask
2421URL -- cached URL
%1 -- operate on all cached CRL URLs only
%2 -- operate on all cached URLs
%3 -- delete relevant URLs from the current user's local cache
Use %4 to force fetching a specific URL and updating the cache.
URL -- cached URL
%1 -- operate on all cached CRL URLs only
%2 -- operate on all cached URLs
%3 -- delete relevant URLs from the current user's local cache
Use %4 to force fetching a specific URL and updating the cache.
2422Subtree Subtree
2423Related Certificates: Related Certificates:
2424Related CRLs: Related CRLs:
2425Exact match: Exact match:
2426Protect keys with password Protect keys with password
2427Set templates for CA Set templates for CA
2428[+ | -]TemplateList [+ | -]TemplateList
2429Adding Adding
2430Removing Removing
2431Already present Already present
2432Not present Not present
2433KMS export file signature verifies KMS export file signature verifies
2434AutoEnroll Property AutoEnroll Property
2436Authority Authority
2437Friendly Name Friendly Name
2438Token match Token match
2439Bad Asn length encoding Bad Asn length encoding
2440Asn encoding: %x extra bytes Asn encoding: %x extra bytes
2441%ws key verifies against certificate %ws key verifies against certificate
2442%ws key does not match certificate %ws key does not match certificate
2443Expected Expected
2444Public key: Public key:
2445Cert Public key: Cert Public key:
2446certificates certificates
2447Signing Signing
2448Exchange Exchange
2449LoadCert(CACrossed) returned %ws LoadCert(CACrossed) returned %ws
2450Crossed CA Cert Crossed CA Cert
2451Crossed CA Cert Serial Number: Crossed CA Cert Serial Number:
2452Crossed CA Subject name matches Cert Subject Crossed CA Subject name matches Cert Subject
2453ERROR: Crossed CA Subject name does not match Cert Subject ERROR: Crossed CA Subject name does not match Cert Subject
2454Crossed CA public key matches Cert key Crossed CA public key matches Cert key
2455ERROR: Certificate public key does NOT match Cert key ERROR: Certificate public key does NOT match Cert key
2456Crossed CA Subject Key Id matches Cert Subject Key Id Crossed CA Subject Key Id matches Cert Subject Key Id
2457ERROR: Crossed CA Key Id does not match Key Id ERROR: Crossed CA Key Id does not match Key Id
2459canonicalized canonicalized
2460A required CRL extension is missing A required CRL extension is missing
2461Verified Verified
2462Bad CA Cert Subject Bad CA Cert Subject
2463Bad Cert Issuer Bad Cert Issuer
2464Old Base CRL Old Base CRL
2465Bad Authority Key Id Bad Authority Key Id
2466No IDP Intersection No IDP Intersection
2467ERROR: CRL Issuer does not match Cert Issuer ERROR: CRL Issuer does not match Cert Issuer
2468CRL Issuer matches Cert Issuer CRL Issuer matches Cert Issuer
2469Provider Provider
2470ERROR: CRL IDP extension does not match Cert CDP ERROR: CRL IDP extension does not match Cert CDP
2471ERROR: CRL Issuer does not match Delta CRL Issuer ERROR: CRL Issuer does not match Delta CRL Issuer
2472CRL Issuer matches Delta CRL Issuer CRL Issuer matches Delta CRL Issuer
2473WARNING: CRL CA Version does not match Cert CA Version WARNING: CRL CA Version does not match Cert CA Version
2474WARNING: CRL CA Version does not match Delta CRL CA Version WARNING: CRL CA Version does not match Delta CRL CA Version
2475ERROR: CRL Number less than Delta CRL Minimum Base ERROR: CRL Number less than Delta CRL Minimum Base
2476ERROR: CRL is not a Base CRL ERROR: CRL is not a Base CRL
2477ERROR: CRL is not a Delta CRL ERROR: CRL is not a Delta CRL
2478Verifying Issued Certificate: Verifying Issued Certificate:
2479Verifying Delta CRL: Verifying Delta CRL:
2480WinHttp Cache entries deleted: %u WinHttp Cache entries deleted: %u
2481WinHttp Cache entries: %u WinHttp Cache entries: %u
2482Meta File Name: Meta File Name:
2483WinINet Cache entry: WinINet Cache entry:
2484WinHttp Cache entry: WinHttp Cache entry:
2485CAName CAName
2486MachineName MachineName
2487Time: Time:
2488Certificate AIA Certificate AIA
2489Certificate CDP Certificate CDP
2490Base CRL CDP Base CRL CDP
2491URL fetch timeout in milliseconds URL fetch timeout in milliseconds
2492Timeout Timeout
2493Cannot export public key Cannot export public key
2494Display password and private key data Display password and private key data
2495OCSP OCSP
2496Decode Error Decode Error
2497Unsuccessful Unsuccessful
2498Unsupported Unsupported
2500Invalid Signature Invalid Signature
2501OCSP Request: OCSP Request:
2502OCSP Response: OCSP Response:
2503Produced At Produced At
2504OCSP Response Entries: OCSP Response Entries:
2505OCSP Response Info OCSP Response Info
2506OCSP Request Entries: OCSP Request Entries:
2507OCSP Request Info OCSP Request Info
2508Issuer Name Hash(%ws): Issuer Name Hash(%ws):
2509Issuer Key Hash(%ws): Issuer Key Hash(%ws):
2510Serial Number Not Found Serial Number Not Found
2512Invalid Signer EKU Invalid Signer EKU
2513Signer Expired Signer Expired
2514Revoked As Of Revoked As Of
2515Certificate OCSP Certificate OCSP
2516Parse ASN.1 file Parse ASN.1 file
2517File [type] File [type]
2518DECODE ERROR! DECODE ERROR!
2519Unique container name Unique container name
2520To be backed up To be backed up
2521Expected Base CRL Expected Base CRL
2522Expected Delta CRL Expected Delta CRL
2523Default Container Default Container
2524End Of Content End Of Content
2525Install a Certification Authority on current machine Install a Certification Authority on current machine
2526Manage smart card root certificates Manage smart card root certificates
2527Root Certificate Provisioning Root Certificate Provisioning
2528%1 [%5][InputRootFile] [ReaderName]
%2 %6OutputRootFile [ReaderName]
%3 [InputRootFile | ReaderName]
%4 [ReaderName]
%1 [%5][InputRootFile] [ReaderName]
%2 %6OutputRootFile [ReaderName]
%3 [InputRootFile | ReaderName]
%4 [ReaderName]
2529Use hash of data as signature Use hash of data as signature
2530Simple container name Simple container name
2531Cipher Algorithms Cipher Algorithms
2532Hash Algorithms Hash Algorithms
2533Asymmetric Encryption Algorithms Asymmetric Encryption Algorithms
2534Secret Agreement Algorithms Secret Agreement Algorithms
2535Signature Algorithms Signature Algorithms
2536RNG Algorithms RNG Algorithms
2537Display COM registry information Display COM registry information
2538[ClassId | ProgId | DllName | *] [ClassId | ProgId | DllName | *]
2539Yes Yes
2540No No
2541Allow Allow
2542Deny Deny
2543CA Administrator CA Administrator
2544Certificate Manager Certificate Manager
2546Enroll Enroll
2547Auto-Enroll Auto-Enroll
2548Full Control Full Control
2549Write Write
2550Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks. Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks.
2551The restored CA certificate has expired. Before restarting Active Directory Certificate Services you must renew the CA certificate. The restored CA certificate has expired. Before restarting Active Directory Certificate Services you must renew the CA certificate.
2552Create/delete web virtual roots for OCSP web proxy Create/delete web virtual roots for OCSP web proxy
2554The OCSP Web Proxy already exists. The OCSP Web Proxy already exists.
2555Name of Symmetric Key Algorithm with optional key length, example: AES,128 or 3DES Name of Symmetric Key Algorithm with optional key length, example: AES,128 or 3DES
2556SymmetricKeyAlgorithm[,KeyLength] SymmetricKeyAlgorithm[,KeyLength]
2557This verb has been restricted by Common Criteria. This verb has been restricted by Common Criteria.
2558The certification propagation service could not be contacted. Your root certificates may not be available for use. The certification propagation service could not be contacted. Your root certificates may not be available for use.
2559Content Encryption Algorithm: Content Encryption Algorithm:
2560Encode text without CR-LF characters Encode text without CR-LF characters
2561Write redirected output in Unicode Write redirected output in Unicode
2562Enumerate certificate stores Enumerate certificate stores
2563[\\MachineName] [\\MachineName]
2564MachineName -- remote machine name. MachineName -- remote machine name.
2565Use service certificate store Use service certificate store
2566Use Group Policy certificate store Use Group Policy certificate store
2567Install default certificate templates Install default certificate templates
2568CertificateStoreName -- Certificate store name. See -store.
CertIdList -- comma separated list of Certificate or CRL match tokens.
See -store's CertId description.
PropertyInfFile -- INF file containing external properties:
%1
%2 Add archived property, OR:
%3 Remove archived property

%4 "%5Friendly Name" ; Add friendly name property

%6 Add custom hexadecimal property
%7
%8

%9 Add Key Provider Information property
%10Container Name%11
%12
%13
%14
%15

%16 Add Enhanced Key Usage property
%17
%18
CertificateStoreName -- Certificate store name. See -store.
CertIdList -- comma separated list of Certificate or CRL match tokens.
See -store's CertId description.
PropertyInfFile -- INF file containing external properties:
%1
%2 Add archived property, OR:
%3 Remove archived property

%4 "%5Friendly Name" ; Add friendly name property

%6 Add custom hexadecimal property
%7
%8

%9 Add Key Provider Information property
%10Container Name%11
%12
%13
%14
%15

%16 Add Enhanced Key Usage property
%17
%18
2569Dump smart card file information Dump smart card file information
2570[ReaderName] [ReaderName]
2571Cannot read file Cannot read file
2572Successfully uncompressed Successfully uncompressed
2573Cannot uncompress file Cannot uncompress file
2574Failed to authenticate to card Failed to authenticate to card
2575Successfully authenticated to card Successfully authenticated to card
2576Reading directory Reading directory
2577Enter PIN: Enter PIN:
2578Each restriction consists of a column name, a relational operator and
a constant integer, string or date. One column name may be preceded
by a plus or minus sign to indicate the sort order.
Examples:
%1
%2
%3
Each restriction consists of a column name, a relational operator and
a constant integer, string or date. One column name may be preceded
by a plus or minus sign to indicate the sort order.
Examples:
%1
%2
%3
2579Provider Aliases: Provider Aliases:
2580Provider Module: Provider Module:
2581Display CNG Configuration Display CNG Configuration
2582Display Enrollment Policy CAs Display Enrollment Policy CAs
2583[CAName | TemplateName] [CAName | TemplateName]
2584Manage Site Names for CAs Manage Site Names for CAs
2585[%1] [SiteName]
%2 [SiteName]
%3
[%1] [SiteName]
%2 [SiteName]
%3
2586Out of date Out of date
2587Successfully updated Successfully updated
2588Update error Update error
2589Asymmetric Algorithms Asymmetric Algorithms
2590All Algorithms All Algorithms
2591Enrollment Policy Server List Enrollment Policy Server List
2592Select Policy Server Select Policy Server
2593Default Default
2594--- ATR: --- ATR:
2595Display AD templates Display AD templates
2597Display AD CAs Display AD CAs
2598[CAName] [CAName]
2599Display Enrollment Policy Display Enrollment Policy
2600Policy Server URL or Id Policy Server URL or Id
2601URLOrId URLOrId
2602DistinguishedName DistinguishedName
2603type -- numeric CRYPT_STRING_* decoding type type -- numeric CRYPT_STRING_* decoding type
2604type -- numeric CRYPT_STRING_* encoding type type -- numeric CRYPT_STRING_* encoding type
2605ERROR: Could not verify certificate public key against private key ERROR: Could not verify certificate public key against private key
2606Enrollment Policy Url Enrollment Policy Url
2607Enrollment Policy Id Enrollment Policy Id
2609Enrollment Server Url Enrollment Server Url
2610Request Id Request Id
2611Authentication Authentication
2612Url Flags Url Flags
2613Add an Enrollment Server application Add an Enrollment Server application
2614%1 | %3 | %5 [%10] [%11] %1 | %3 | %5 [%10] [%11]
2615Add an Enrollment Server application and application pool if necessary,
for the specified CA. This command does not install binaries or packages
One of the following authentication methods with which the client connects
to a Certificate Enrollment Server
%1 -- %2
%3 -- %4
%5 -- %6
%10 -- Only renewal requests can be submitted to this
CA via this URL
%11 -- Allows use of a certificate that has no
associated account in the AD. This applies only
with ClientCertificate and AllowRenewalsOnly mode.
Add an Enrollment Server application and application pool if necessary,
for the specified CA. This command does not install binaries or packages
One of the following authentication methods with which the client connects
to a Certificate Enrollment Server
%1 -- %2
%3 -- %4
%5 -- %6
%10 -- Only renewal requests can be submitted to this
CA via this URL
%11 -- Allows use of a certificate that has no
associated account in the AD. This applies only
with ClientCertificate and AllowRenewalsOnly mode.
2616Delete an Enrollment Server application Delete an Enrollment Server application
2617%1 | %3 | %5 %1 | %3 | %5
2618Delete an Enrollment Server application and application pool if necessary,
for the specified CA. This command does not remove binaries or packages
One of the following authentication methods with which the client connects
to a Certificate Enrollment Server
%1 -- %2
%3 -- %4
%5 -- %6.
Delete an Enrollment Server application and application pool if necessary,
for the specified CA. This command does not remove binaries or packages
One of the following authentication methods with which the client connects
to a Certificate Enrollment Server
%1 -- %2
%3 -- %4
%5 -- %6.
2619Install succeeded with warnings: %ws Install succeeded with warnings: %ws
2620UnInstall succeeded with warnings: %ws UnInstall succeeded with warnings: %ws
2621Smart Card Serial Number: Smart Card Serial Number:
2622ObjectId ObjectId
2623ObjectIds ObjectIds
2628CA CA
2629CAs CAs
2630Use anonymous SSL credentials Use anonymous SSL credentials
2631Use Kerberos SSL credentials Use Kerberos SSL credentials
2632Use X.509 Certificate SSL credentials Use X.509 Certificate SSL credentials
2633ClientCertId ClientCertId
2634Use named account for SSL credentials Use named account for SSL credentials
2635UserName UserName
2636Conflicting SSL credentials Conflicting SSL credentials
2638Select client authentication certificate Select client authentication certificate
2639CA locale name CA locale name
2640Display, add or delete enrollment server URLs associated with a CA Display, add or delete enrollment server URLs associated with a CA
2641[URL AuthenticationType [Priority] [Modifiers]]
URL %9
[URL AuthenticationType [Priority] [Modifiers]]
URL %9
2642AuthenticationType -- Specify one of the following client authentication methods while adding a URL
%1 -- %2
%3 -- %4
%5 -- %6
%7 -- %8.
%9 -- deletes the specified URL associated with the CA.
Priority -- defaults to '1' if not specified when adding a URL.
Modifiers -- Comma separated list of one or more of the following:
%10 -- Only renewal requests can be submitted to this
CA via this URL
%11 -- Allows use of a certificate that has no
associated account in the AD. This applies only with
ClientCertificate and AllowRenewalsOnly Mode.
AuthenticationType -- Specify one of the following client authentication methods while adding a URL
%1 -- %2
%3 -- %4
%5 -- %6
%7 -- %8.
%9 -- deletes the specified URL associated with the CA.
Priority -- defaults to '1' if not specified when adding a URL.
Modifiers -- Comma separated list of one or more of the following:
%10 -- Only renewal requests can be submitted to this
CA via this URL
%11 -- Allows use of a certificate that has no
associated account in the AD. This applies only with
ClientCertificate and AllowRenewalsOnly Mode.
2643Priority Priority
2644Display or delete Enrollment Policy Cache entries Display or delete Enrollment Policy Cache entries
2646%1 -- delete Policy Server cache entries
%2 -- use %2 to delete all cache entries.
%1 -- delete Policy Server cache entries
%2 -- use %2 to delete all cache entries.
2647NextUpdate NextUpdate
2648LastUpdate LastUpdate
2650Id Id
2652Path Path
2654AllowUntrustedCA AllowUntrustedCA
2656Cache file exists Cache file exists
2657Deleting cache entry! Deleting cache entry!
2658No cache file No cache file
2659Url does NOT match cache file name Url does NOT match cache file name
2660Cache Directory Cache Directory
2661Orphaned Cache file Orphaned Cache file
2662Display, add or delete Credential Store entries Display, add or delete Credential Store entries
2663[URL]
URL %3
URL %1
[URL]
URL %3
URL %1
2664URL -- target URL. Use %4 to match all entries
Use %5 to match a URL prefix
%3 -- add a Credential Store entry
SSL credentials must also be specified
%1 -- delete Credential Store entries
%2 -- use %2 to overwrite an entry or to delete multiple entries.
URL -- target URL. Use %4 to match all entries
Use %5 to match a URL prefix
%3 -- add a Credential Store entry
SSL credentials must also be specified
%1 -- delete Credential Store entries
%2 -- use %2 to overwrite an entry or to delete multiple entries.
2665Enforce UTF-8 Enforce UTF-8
2666Name Name
2671Credential Credential
2672Credentials Credentials
2673Enrollment Certificate Enrollment Certificate
2674Enrollment Username/Password Enrollment Username/Password
2675SchemaId SchemaId
2676Properties Properties
2678Setting Setting
2679Indefinite Length Indefinite Length
2680%1 -- Delete all keys on the smart card %1 -- Delete all keys on the smart card
2681================ Url %d ================ ================ Url %d ================
2682ERROR: Container name inconsistent ERROR: Container name inconsistent
2683For selection U/I, use %3%1 %3
For all Policy Servers, use %3%1 %2
For selection U/I, use %3%1 %3
For all Policy Servers, use %3%1 %2
2684For selection U/I, use %2%1 %2 For selection U/I, use %2%1 %2
2686WARNING: CA certificate expires before registry validity period. WARNING: CA certificate expires before registry validity period.
2687Added Added
2688Anonymous Anonymous
2689Kerberos Kerberos
2691Username Username
2693Web Enrollment Servers: Web Enrollment Servers:
2694Matches Matches
2695You must install the Certificate Enrollment Web Service using Server Manager or ServerManagerCmd.exe before adding an enrollment server application. You must install the Certificate Enrollment Web Service using Server Manager or ServerManagerCmd.exe before adding an enrollment server application.
2696To import a foreign certificate, see %ws To import a foreign certificate, see %ws
2697Enrollment Server Authentication Enrollment Server Authentication
2698Add a Policy Server application Add a Policy Server application
2699%1 | %3 | %5 [%10] %1 | %3 | %5 [%10]
2700Add a Policy Server application and application pool if necessary. This command
does not install binaries or packages
One of the following authentication methods with which the client connects
to a Certificate Policy Server
%1 -- %2
%3 -- %4
%5 -- %6
%10 -- Only policies that contain KeyBasedRenewal
templates are returned to the client. This flag
applies only for UserName and ClientCertificate
authentication.
Add a Policy Server application and application pool if necessary. This command
does not install binaries or packages
One of the following authentication methods with which the client connects
to a Certificate Policy Server
%1 -- %2
%3 -- %4
%5 -- %6
%10 -- Only policies that contain KeyBasedRenewal
templates are returned to the client. This flag
applies only for UserName and ClientCertificate
authentication.
2701Delete a Policy Server application Delete a Policy Server application
2703Delete a Policy Server application and application pool if necessary. This
command does not remove binaries or packages
One of the following authentication methods with which the client connects
to a Certificate Policy Server
%1 -- %2
%3 -- %4
%5 -- %6
%10 -- KeyBasedRenewal policy server.
Delete a Policy Server application and application pool if necessary. This
command does not remove binaries or packages
One of the following authentication methods with which the client connects
to a Certificate Policy Server
%1 -- %2
%3 -- %4
%5 -- %6
%10 -- KeyBasedRenewal policy server.
2704You must install the Certificate Enrollment Policy Web Service using Server Manager or ServerManagerCmd.exe before adding a policy server application. You must install the Certificate Enrollment Policy Web Service using Server Manager or ServerManagerCmd.exe before adding a policy server application.
2705ERROR: Signed signature algorithm conflict ERROR: Signed signature algorithm conflict
2706ERROR: Signed signature parameter conflict ERROR: Signed signature parameter conflict
2707AllowRenewalsOnly AllowRenewalsOnly
2708AllowKeyBasedRenewal AllowKeyBasedRenewal
2709Write output file in Unicode Write output file in Unicode
2710Subject Template OIDs Subject Template OIDs
2711ERROR: The password you specified is incorrect.
However, you have permission to access the PFX without a password.
Re-run the command without specifying a password.
ERROR: The password you specified is incorrect.
However, you have permission to access the PFX without a password.
Re-run the command without specifying a password.
2712PFX protected password: "%ws"
PFX protected password: "%ws"
2713The PFX protected password is incorrectly stored in the PFX file. It is:
The PFX protected password is incorrectly stored in the PFX file. It is:
2714PFX protected to:
PFX protected to:
2715AND AND
2716OR OR
2717Successfully deleted Successfully deleted
2718Already deleted Already deleted
2719Set, Verify or Delete CA site names
Use the %4 option to target a single CA (Default is all CAs)
SiteName is allowed only when targeting a single CA
Use %5 to override validation errors for the specified SiteName
Use %5 to delete all CA site names
Set, Verify or Delete CA site names
Use the %4 option to target a single CA (Default is all CAs)
SiteName is allowed only when targeting a single CA
Use %5 to override validation errors for the specified SiteName
Use %5 to delete all CA site names
2720Specified and Detected site names conflict Specified and Detected site names conflict
2721Existing Existing
2722Detected Detected
2723SKIPPED SKIPPED
2724[MaxSecondsToWait | CAMachineList] [MaxSecondsToWait | CAMachineList]
2725CAMachineList -- Comma-separated CA machine name list
For a single machine, use a terminating comma
Displays the site cost for each CA machine
CAMachineList -- Comma-separated CA machine name list
For a single machine, use a terminating comma
Displays the site cost for each CA machine
2726ERROR: missing key association property ERROR: missing key association property
2727Name Hash(%ws): Name Hash(%ws):
2728Signature Hash: Signature Hash:
2729Cached Key Identifier: Cached Key Identifier:
2730No container name match No container name match
2731ERROR: wrong KeyId! ERROR: wrong KeyId!
2732Found exact match Found exact match
2733No KeyId match No KeyId match
2734WARNING: different container name! WARNING: different container name!
2735Comma separated SAM Name/SID List Comma separated SAM Name/SID List
2736SAMNameAndSIDList SAMNameAndSIDList
2738Decrypted Decrypted
2739Full query results Full query results
2740Full Results Full Results
2741Key Query Key Query
2742Key Recovery Errors Key Recovery Errors
2743Key Blob Key Blob
2744Key Handle Key Handle
2745Key State Key State
2748No archived key to recover. No archived key to recover.
2749Recovery Recovery
2750Retrieval Retrieval
2751end end
2752start start
2753Queries Queries
2754Query matches Query matches
2755Recovered Recovered
2756Recovered Certificates Recovered Certificates
2757Recovered key files Recovered key files
2758Recovery blobs retrieved Recovery blobs retrieved
2759Recovery Candidates Recovery Candidates
2760Recovery Errors Recovery Errors
2761Recovery Result Recovery Result
2762Retrieved key files Retrieved key files
2763Retrieved Keys Retrieved Keys
2764Retrieved, but not Recovered Retrieved, but not Recovered
2765Rows Rows
2766Rows (no key) Rows (no key)
2767Script file Script file
2768State State
2769Token Query Token Query
2770Total Queries Total Queries
2772Smart Card PIN Smart Card PIN
2773Missing output script filename. Missing output script filename.
2774Missing output file base name. Missing output file base name.
2775Use %ws to delete all entries. Use %ws to delete all entries.
2776Error saving key data Error saving key data
2777One of the following Key Recovery Agent certificates is required to recover the key: One of the following Key Recovery Agent certificates is required to recover the key:
2779Private key is NOT plain text exportable Private key is NOT plain text exportable
2780Recovery blob file Recovery blob file
2781Verify AuthRoot or Disallowed Certificates CTL Verify AuthRoot or Disallowed Certificates CTL
2782CTLObject [CertDir] [CertFile] CTLObject [CertDir] [CertFile]
2783CTLObject -- Identifies the CTL to verify:
%1 -- read AuthRoot CAB and matching certificates from the URL
cache. Use %5 to download from Windows Update instead.

%2 -- read Disallowed Certificates CAB and disallowed
certificate store file from the URL cache. Use %5 to download
from Windows Update instead.

%7 -- read PinRules CAB from the URL cache. Use %5 to download
from Windows Update instead.

%3 -- read registry cached AuthRoot CTL. Use with %5 and a
CertFile that is not already trusted to force updating the
registry cached AuthRoot and Disallowed Certificate CTLs.

%4 -- read registry cached Disallowed Certificates CTL.
%5 has the same behavior as with %3.

%8 -- read registry cached PinRules CTL.
%5 has the same behavior as with %7.

CTLFileName -- file or %6 path to CTL or CAB

CertDir -- folder containing certificates matching CTL entries
An %6 folder path must end with a path separator.
If a folder is not specified with %3 or %4, multiple
locations will be searched for matching certificates: local
certificate stores, crypt32.dll resources and the local URL cache.
Use %5 to download from Windows Update when necessary.
Otherwise defaults to the same folder or web site as the CTLObject.

CertFile -- file containing certificate(s) to verify. Certificates
will be matched against CTL entries, and match results displayed.
Suppresses most of the default output.
CTLObject -- Identifies the CTL to verify:
%1 -- read AuthRoot CAB and matching certificates from the URL
cache. Use %5 to download from Windows Update instead.

%2 -- read Disallowed Certificates CAB and disallowed
certificate store file from the URL cache. Use %5 to download
from Windows Update instead.

%7 -- read PinRules CAB from the URL cache. Use %5 to download
from Windows Update instead.

%3 -- read registry cached AuthRoot CTL. Use with %5 and a
CertFile that is not already trusted to force updating the
registry cached AuthRoot and Disallowed Certificate CTLs.

%4 -- read registry cached Disallowed Certificates CTL.
%5 has the same behavior as with %3.

%8 -- read registry cached PinRules CTL.
%5 has the same behavior as with %7.

CTLFileName -- file or %6 path to CTL or CAB

CertDir -- folder containing certificates matching CTL entries
An %6 folder path must end with a path separator.
If a folder is not specified with %3 or %4, multiple
locations will be searched for matching certificates: local
certificate stores, crypt32.dll resources and the local URL cache.
Use %5 to download from Windows Update when necessary.
Otherwise defaults to the same folder or web site as the CTLObject.

CertFile -- file containing certificate(s) to verify. Certificates
will be matched against CTL entries, and match results displayed.
Suppresses most of the default output.
2784ERROR: Signature chain certificate not present in image: %ws ERROR: Signature chain certificate not present in image: %ws
2785ERROR: Extra signature chain certificate in image: %ws ERROR: Extra signature chain certificate in image: %ws
2786ERROR: Extra application policy: %ws ERROR: Extra application policy: %ws
2787ERROR: Missing application policy: %ws ERROR: Missing application policy: %ws
2788Result: Certificate exact match found Result: Certificate exact match found
2789Result: Certificate match found Result: Certificate match found
2790Result: Certificate match NOT found Result: Certificate match NOT found
2791Result: Certificate public key collision Result: Certificate public key collision
2792OCSP URLs OCSP URLs
2793AIA URLs AIA URLs
2794CDP URLs CDP URLs
2795Certificates that do not belong to the targeted CTL: %u Certificates that do not belong to the targeted CTL: %u
2796Default is to display DC certificates without verification Default is to display DC certificates without verification
2797%ws failed with error: %ws failed with error:
2798Loading Loading
2799Cert[%u]: references: Cert[%u]: references:
2800CTL[%u]: matches: CTL[%u]: matches:
2801Less than %ws Less than %ws
2802Strong Signature verification not supported Strong Signature verification not supported
2803Strong Signature error: Strong Signature error:
2804Legacy Signature error: Legacy Signature error:
2805Counter Signed!: Counter Signed!:
2806Authenticated attribute!: Authenticated attribute!:
2807Critical Extension Critical Extension
2808%u of %u entries present %u of %u entries present
2809Certificates to match: Certificates to match:
2810Legacy signatures: Legacy signatures:
2811Strong signatures: Strong signatures:
2812Missing Enhanced Key Usage property Missing Enhanced Key Usage property
2813PIN PIN
2814Signing certificate Signing certificate
2815CertId CertId
2816Sync with Windows Update Sync with Windows Update
2817DestinationDir DestinationDir
2818DestinationDir -- folder to copy to.
The following files are downloaded from Windows Update:
%1 - contains CTL of Third Party Roots.
%2 - contains CTL of Disallowed Certificates.
%3 - Disallowed Certificates.
%4 - contains CTL of SSL Pin Rules.
%5 - Pin Rules Certificates.
.crt - Third Party Roots.
DestinationDir -- folder to copy to.
The following files are downloaded from Windows Update:
%1 - contains CTL of Third Party Roots.
%2 - contains CTL of Disallowed Certificates.
%3 - Disallowed Certificates.
%4 - contains CTL of SSL Pin Rules.
%5 - Pin Rules Certificates.
.crt - Third Party Roots.
2819Generate SST from Windows Update Generate SST from Windows Update
2820SSTFile SSTFile
2821SSTFile -- %1 file to be created.
The generated %1 file contains the Third Party Roots
downloaded from Windows Update.
SSTFile -- %1 file to be created.
The generated %1 file contains the Third Party Roots
downloaded from Windows Update.
2822Updating Updating
2823"%ws" exists. Use "%ws" option to force overwrite. "%ws" exists. Use "%ws" option to force overwrite.
2824Warning! Encountered the following no longer trusted roots: Warning! Encountered the following no longer trusted roots:
2825Use "%ws" options to force the delete of the above "%ws" files.
Was "%ws" updated?
If yes, consider deferring the delete until all clients have been updated.
Use "%ws" options to force the delete of the above "%ws" files.
Was "%ws" updated?
If yes, consider deferring the delete until all clients have been updated.
2826Enabling temporary auto root update. Enabling temporary auto root update.
2827Restoring disable of auto root update. Restoring disable of auto root update.
2828Cannot enable auto root update in the registry.
Are you running as elevated administrator?
Cannot enable auto root update in the registry.
Are you running as elevated administrator?
2829No Updates! No Updates!
2830Added %d files. Updated %d files. Added %d files. Updated %d files.
2831Updated SST file. Updated SST file.
2832Display Trusted Platform Module Information Display Trusted Platform Module Information
2833CA Exchange Cert Hash CA Exchange Cert Hash
2834Verify Key Attestation Request Verify Key Attestation Request
2835RequestFile RequestFile
2836Manufacturer Endorsement Key Certificates Manufacturer Endorsement Key Certificates
2837Other Endorsement Key Certificates Other Endorsement Key Certificates
2838Challenge Pending Challenge Pending
2839Challenge Satisfied Challenge Satisfied
2840Trust On Use Trust On Use
2841Trust Endorsement Certificate Trust Endorsement Certificate
2842Trust Endorsement Key Trust Endorsement Key
2843Nonce digest Nonce digest
2844Attestation successful. Attestation successful.
2845Secret Secret
2846Decrypted EKInfo Decrypted EKInfo
2847EK Public Key EK Public Key
2848Activation Activation
2849Decrypted Secret Decrypted Secret
2850Activation successful. Activation successful.
2851Writing Writing
2852Cannot fetch EK public key Cannot fetch EK public key
2853EK KeyId(%ws): EK KeyId(%ws):
2854%1 %1
2855Numeric SID Numeric SID
2856%2 -- Local System
%3 -- Local Service
%4 -- Network Service
%2 -- Local System
%3 -- Local Service
%4 -- Network Service
2857Hash algorithms: Hash algorithms:
2858No Manufacturer Endorsement Key Certificates No Manufacturer Endorsement Key Certificates
2859No Other Endorsement Key Certificates No Other Endorsement Key Certificates
2860Resource Resource
2861Updated DS Template and security descriptor Updated DS Template and security descriptor
2862Modifiers: Modifiers:
2863End Entity certificate only End Entity certificate only
2864Exclude root certificate Exclude root certificate
2865Certificates: Not Encrypted Certificates: Not Encrypted
2866Enabling temporary Pin Rules auto update. Enabling temporary Pin Rules auto update.
2867Restoring disable of Pin Rules auto update. Restoring disable of Pin Rules auto update.
2868Cannot enable Pin Rules auto update in the registry.
Are you running as elevated administrator?
Cannot enable Pin Rules auto update in the registry.
Are you running as elevated administrator?
2869Add ECC Curve Add ECC Curve
2870[CurveClass:]CurveName CurveParameters [CurveOID] [CurveType] [CurveClass:]CurveName CurveParameters [CurveOID] [CurveType]
2871
CurveClass: -- ECC Curve Class Type:
- %1 [Default]
- %2
- %3

CurveName -- ECC Curve Name

CurveParameters -- ECC Curve Parameters. It is one of the following
- Certificate Filename Containing ASN Encoded Parameters
- File Containing ASN Encoded Parameters

CurveOID -- ECC Curve OID. It is one of the following:
- Certificate Filename Containing ASN Encoded OID
- Explicit ECC Curve OID

CurveType -- Schannel ECC NamedCurve Point (Numeric)

CurveClass: -- ECC Curve Class Type:
- %1 [Default]
- %2
- %3

CurveName -- ECC Curve Name

CurveParameters -- ECC Curve Parameters. It is one of the following
- Certificate Filename Containing ASN Encoded Parameters
- File Containing ASN Encoded Parameters

CurveOID -- ECC Curve OID. It is one of the following:
- Certificate Filename Containing ASN Encoded OID
- Explicit ECC Curve OID

CurveType -- Schannel ECC NamedCurve Point (Numeric)
2872Delete ECC Curve Delete ECC Curve
2873CurveName | CurveOID CurveName | CurveOID
2874CurveName -- ECC Curve Name
CurveOID -- ECC Curve OID
CurveName -- ECC Curve Name
CurveOID -- ECC Curve OID
2875Display ECC Curve Display ECC Curve
2876[CurveName | CurveOID] [CurveName | CurveOID]
2877CurveName -- ECC Curve name
CurveOID -- ECC Curve OID
CurveName -- ECC Curve name
CurveOID -- ECC Curve OID
2878ECC Curve Parameters ECC Curve Parameters
2879CNG Parameters Blob CNG Parameters Blob
2880ASN Parameters Blob ASN Parameters Blob
2881Public Key Length Public Key Length
2900Generate Pin Rules CTL Generate Pin Rules CTL
2901XMLFile CTLFile [SSTFile [QueryFilesPrefix]] XMLFile CTLFile [SSTFile [QueryFilesPrefix]]
2902XMLFile -- input XML file to be parsed.
CTLFile -- output CTL file to be generated.
SSTFile -- optional %1 file to be created.
The %1 file contains all of the certificates
used for pinning.
QueryFilesPrefix -- optional %2 and %3 files to be created for database query.
The QueryFilesPrefix string is prepended to each created file.
The %2 file contains rule name, domain rows.
The %3 file contains rule name, key SHA256 thumbprint rows.
XMLFile -- input XML file to be parsed.
CTLFile -- output CTL file to be generated.
SSTFile -- optional %1 file to be created.
The %1 file contains all of the certificates
used for pinning.
QueryFilesPrefix -- optional %2 and %3 files to be created for database query.
The QueryFilesPrefix string is prepended to each created file.
The %2 file contains rule name, domain rows.
The %3 file contains rule name, key SHA256 thumbprint rows.
2903SSL Policy matching ServerName SSL Policy matching ServerName
2904ServerName ServerName
2905Warning = Unable to verify downloaded Pin Rules on this version of Windows.
Will continue. Recommend running on a later version of Windows.
Warning = Unable to verify downloaded Pin Rules on this version of Windows.
Will continue. Recommend running on a later version of Windows.
2911Warning Warning
2913Encoding Encoding
2914Parsing Parsing
2915Matching Matching
2916Skipping Skipping
2917Getting Getting
2918Add Existing Add Existing
2919Add New Add New
2920Removing Duplicate Removing Duplicate
2921Skipping Element Skipping Element
2922Only Allow Only Allow
2923Elements Elements
2924Element Counts Element Counts
2925Duplicate Element Duplicate Element
2926Negative duration value Negative duration value
2927Not supported years or months duration value Not supported years or months duration value
2928Write Query Files Write Query Files
2929XML Parser Error Details XML Parser Error Details
2930Save To SST File Save To SST File
2931Finding Element: %ws Finding Element: %ws
2932Query Element: %ws Query Element: %ws
2933Getting %ws Element Count Getting %ws Element Count
2934Parsing Element: %ws Attributes Parsing Element: %ws Attributes
2935Duplicate = Removing %ws Matching %ws Duplicate = Removing %ws Matching %ws
2936Missing from other %ws Elements Missing from other %ws Elements
2937No %ws Elements No %ws Elements
2938Opening = Element: %ws %ws: %ws Opening = Element: %ws %ws: %ws
2939Enumerating = Element: %ws %ws: %ws Enumerating = Element: %ws %ws: %ws
2940Duplicate Attribute Value = %ws: %ws in Elements: %ws and %ws Duplicate Attribute Value = %ws: %ws in Elements: %ws and %ws
2941Normalize Attribute = Element: %ws Attribute: %ws: Value: %ws to %ws Normalize Attribute = Element: %ws Attribute: %ws: Value: %ws to %ws
2942Failed = Duplicate Attribute %ws: %hs in Element: %ws Failed = Duplicate Attribute %ws: %hs in Element: %ws
2943Failed = Element: %ws has no %ws Elements Failed = Element: %ws has no %ws Elements
2944Warning = Element: %ws has no %ws Elements Warning = Element: %ws has no %ws Elements
2945Failed = Missing Element: %ws Failed = Missing Element: %ws
2946Failed = Element: %ws has invalid Attribute: %ws Failed = Element: %ws has invalid Attribute: %ws
2947Failed = Element: %ws Attribute: %ws has invalid Value: %ws Failed = Element: %ws Attribute: %ws has invalid Value: %ws
2948Failed = Element: %ws has invalid Attribute: %ws with Reason: Failed = Element: %ws has invalid Attribute: %ws with Reason:
2949Failed = Element: %ws Attribute: %ws has invalid Value: %ws with Reason: Failed = Element: %ws Attribute: %ws has invalid Value: %ws with Reason:
2950Failed = Element: %ws is missing Attribute: %ws Failed = Element: %ws is missing Attribute: %ws
2951Duplicate Attribute Value %ws: %hs in Elements: %ws and %ws Duplicate Attribute Value %ws: %hs in Elements: %ws and %ws
2952Warning = No %ws certificates to save to SST File Warning = No %ws certificates to save to SST File
2953AlternateStorageLocation AlternateStorageLocation
2954AIK Public Key AIK Public Key
2955AIK KeyId(%ws): AIK KeyId(%ws):
2956Download OCSP Responses and Write to Directory Download OCSP Responses and Write to Directory
2957CertificateDir OcspDir [ThreadCount] [Modifiers] CertificateDir OcspDir [ThreadCount] [Modifiers]
2958CertificateDir -- directory of certificate, store and PFX files.
OcspDir -- directory to write OCSP responses.
ThreadCount -- optional maximum number of threads for concurrent downloading. Default is 10.
Modifiers -- Comma separated list of one or more of the following:
%1 -- Download once and exit
%2 -- Read from OcspDir instead of writing
By default, certutil won't exit and must be explicitly terminated.
CertificateDir -- directory of certificate, store and PFX files.
OcspDir -- directory to write OCSP responses.
ThreadCount -- optional maximum number of threads for concurrent downloading. Default is 10.
Modifiers -- Comma separated list of one or more of the following:
%1 -- Download once and exit
%2 -- Read from OcspDir instead of writing
By default, certutil won't exit and must be explicitly terminated.
2959Check certificate files in directory Check certificate files in directory
2960No Downloads! No Downloads!
2961Wait forever for downloads Wait forever for downloads
2962Failed = downloadOcsp option not supported on this version of Windows. Failed = downloadOcsp option not supported on this version of Windows.
2963With previous RemainingMinutes: %d downloaded new OCSP response with ThisUpdate: %ws NextUpdate: %ws With previous RemainingMinutes: %d downloaded new OCSP response with ThisUpdate: %ws NextUpdate: %ws
2964Open OCSP subject certificate file Open OCSP subject certificate file
2965Remove OCSP subject certificate file Remove OCSP subject certificate file
2966Add OCSP response file Add OCSP response file
2967Remove OCSP response file Remove OCSP response file
2968Waiting for %d download OCSP reponses to complete Waiting for %d download OCSP reponses to complete
2969Downloaded OCSP Responses Downloaded OCSP Responses
2970Milliseconds: %d ThisUpdate: %ws NextUpdate: %ws RemainingMinutes: %d Milliseconds: %d ThisUpdate: %ws NextUpdate: %ws RemainingMinutes: %d
2971Total: %d Downloaded: %d Warnings: %d Pending: %d Errors: %d Maximum Thread Count: %d Total: %d Downloaded: %d Warnings: %d Pending: %d Errors: %d Maximum Thread Count: %d
2972Error = Download OCSP response. %ws Error = Download OCSP response. %ws
2973Error = Write OCSP response file. %ws Error = Write OCSP response file. %ws
2974Error = Missing issuer certificate Error = Missing issuer certificate
2975Error = Open OCSP subject certificate file. %ws Error = Open OCSP subject certificate file. %ws
2976Error = Pending OCSP response download Error = Pending OCSP response download
2977Warning = No OCSP subject certificates in file Warning = No OCSP subject certificates in file
2978Warning = Duplicate OCSP response file Warning = Duplicate OCSP response file
2979Warning = OCSP not supported for certificate Warning = OCSP not supported for certificate
2980test passed test passed
2981test FAILED test FAILED
2982test skipped test skipped
2983Key Encryption Algorithm: Key Encryption Algorithm:
2984Encrypted Key: Encrypted Key:
2985[TaskName [SRKThumbprint]] [TaskName [SRKThumbprint]]
2986TaskName -- task to trigger
%1 -- NGC Key Pregen task
%2 -- NGC AIK certificate enrollment task.
defaults to autoenrollment event.
SRKThumbprint -- Thumprint of Storage Root Key
TaskName -- task to trigger
%1 -- NGC Key Pregen task
%2 -- NGC AIK certificate enrollment task.
defaults to autoenrollment event.
SRKThumbprint -- Thumprint of Storage Root Key
2987AIK Certificates AIK Certificates
2988No AIK Certificates No AIK Certificates
2989Reason: Privilege Withdrawn Reason: Privilege Withdrawn
2990Reason: AA Compromise Reason: AA Compromise
2991Cannot import private key Cannot import private key
2992count count
2993Cannot decrypt content Cannot decrypt content
2994Decrypted content Decrypted content
2995Unprotected attributes Unprotected attributes
2996Computed Computed
2997Iteration count Iteration count
2998Local Key Id: Local Key Id:
2999Invalid Template Invalid Template
3100PKCS Attributes: PKCS Attributes:
3101Verified Extended Validation (EV) Policies Verified Extended Validation (EV) Policies
3102Extended Validation Certificate Extended Validation Certificate
3103Strong signature verification Strong signature verification
3104Must chain to a Microsoft root Must chain to a Microsoft root
3105Must chain to a Microsoft test root Must chain to a Microsoft test root
3106Must chain to a Microsoft application root Must chain to a Microsoft application root
3107Enforce Extended Validation Policy Enforce Extended Validation Policy
3108Detached signature matches Public Key Detached signature matches Public Key
3109Generate HPKP header using certificates in specified file or directory Generate HPKP header using certificates in specified file or directory
3110CertFileOrDir MaxAge [ReportUri] [Modifiers] CertFileOrDir MaxAge [ReportUri] [Modifiers]
3111CertFileOrDir -- file or directory of certificates. Source of pin-sha256.
MaxAge -- max-age value in seconds.
ReportUri -- optional report-uri.
Modifiers -- Comma separated list of one or more of the following:
%1 -- append includeSubDomains.
CertFileOrDir -- file or directory of certificates. Source of pin-sha256.
MaxAge -- max-age value in seconds.
ReportUri -- optional report-uri.
Modifiers -- Comma separated list of one or more of the following:
%1 -- append includeSubDomains.
3112Error = Open certificate file. %ws Error = Open certificate file. %ws
3113Success = Open certificate file: %ws Success = Open certificate file: %ws
3114Skipping = Duplicate: %ws Skipping = Duplicate: %ws
3115Error = No certificates Error = No certificates
3116Registry Aliases: Registry Aliases:
3117Indirect key name Indirect key name
3118================ Begin force NCrypt ================ ================ Begin force NCrypt ================
3119---------------- End force NCrypt ---------------- ---------------- End force NCrypt ----------------
3120================ Begin Passport Key ================ ================ Begin Passport Key ================
3121---------------- End Passport Key ---------------- ---------------- End Passport Key ----------------
3122invoke CryptUI invoke CryptUI
3123File [%1] File [%1]
3124Thumbprint Thumbprint
4000Certificate Enrollment - Username/Password Credential Certificate Enrollment - Username/Password Credential
4001Certificate Enrollment - Certificate Credential Certificate Enrollment - Certificate Credential
4050Select Certification Authority Select Certification Authority
4051Select a Certification Authority to send the request. Select a Certification Authority to send the request.
52737Invalid Schema , Message Format Error from server. Invalid Schema , Message Format Error from server.
52738Server failed to authenticate the user. Server failed to authenticate the user.
52739User is not authorized to enroll. User is not authorized to enroll.
52742Unhandled exception from server. Unhandled exception from server.
52747Redirection is needed and redirected location is not a wellknown server Redirection is needed and redirected location is not a wellknown server
52748Discovery failed Discovery failed
52750Registration quota reached Registration quota reached
52751Operation successful but the machine requires a reboot Operation successful but the machine requires a reboot
52752The AIK certificate is not valid or trusted The AIK certificate is not valid or trusted
52753The attestation statement of the transport key is invalid The attestation statement of the transport key is invalid
52754Server returned a bad message error Server returned a bad message error
52755Tenant Id is not found in the token Tenant Id is not found in the token
52756User Sid is not found in the token User Sid is not found in the token
52757The device is required to be classic domain joined The device is required to be classic domain joined
52758Some join information cannot be read from the device Some join information cannot be read from the device
52763The device is not joined to AAD The device is not joined to AAD
52764The client timed out while waiting for a server response. The client timed out while waiting for a server response.
52770The token does not contain device ID The token does not contain device ID
52771The operation requires multi-factor authentication The operation requires multi-factor authentication
52772The specified user cannot be found The specified user cannot be found
52773Server is busy Server is busy
52774The NGC key is already registered The NGC key is already registered
52775The graph directory request is bad The graph directory request is bad
52776The graph request failed with replica unavailable The graph request failed with replica unavailable
52777The graph request was throttled by server The graph request was throttled by server
52778The graph request was denied The graph request was denied
52779TPM lockout or some other crypto layer issue. TPM lockout or some other crypto layer issue.
52780The device key is missing. The device key is missing.
52781The web server returned an error (non 200) The web server returned an error (non 200)
52782The web server returned success, but no data The web server returned success, but no data
52784The AAD Cloud AP Plugin does not have the requested PRT The AAD Cloud AP Plugin does not have the requested PRT
52812There is no core windows for the current thread. There is no core windows for the current thread.
52813Unable to obtain user token Unable to obtain user token
52814Failed to recieve user creds input Failed to recieve user creds input
52815AAD token request was cancelled by user AAD token request was cancelled by user
52816Device is not joined Device is not joined
53225Server response message is invalid Server response message is invalid
53226Server failed to authorize user or device. Server failed to authorize user or device.
53227Server response http status is unexpected Server response http status is unexpected
53229The request sent to the server was invalid. The request sent to the server was invalid.
53230Attestation failed Attestation failed
53231The AIK certificate is no longer valid. The AIK certificate is no longer valid.
53232There is no key registered for the user. There is no key registered for the user.
53233There is no UPN in the token. There is no UPN in the token.
53234The general server side directory error. The general server side directory error.
53235The device specified in the request was not found in the directory. The device specified in the request was not found in the directory.
53236The device is not ready to provide a CXH scenario Id for NGC registration. The device is not ready to provide a CXH scenario Id for NGC registration.
53238Failed to enroll for an NGC cert because there is NO Enterprise SSO. Failed to enroll for an NGC cert because there is NO Enterprise SSO.
56836User has no permission on the cert template or CA unreachable. User has no permission on the cert template or CA unreachable.
56837Generic Failure from management server, such as DB access error. Generic Failure from management server, such as DB access error.
56840Unknown server error. Unknown server error.
56841Another enrollment operation is currently underway. Another enrollment operation is currently underway.
56842Device is already enrolled. Device is already enrolled.
56843Device is not enrolled. Device is not enrolled.
56845During discovery the sec cert date was invalid. During discovery the sec cert date was invalid.
56846A password is needed (And wasn't supplied) A password is needed (And wasn't supplied)
56847An error during WAB enrollment An error during WAB enrollment
56848A http (or lower) error, such as dns or timeout A http (or lower) error, such as dns or timeout
56850The SSL cert wasn't valid The SSL cert wasn't valid
56851User already enrolled too many devices. Delete or unenroll old ones to fix this error (user can fix it without admin) User already enrolled too many devices. Delete or unenroll old ones to fix this error (user can fix it without admin)
56852Specific platform (e.g. Windows) or version is not supported (no point retrying or calling admin. User could upgrade device) Specific platform (e.g. Windows) or version is not supported (no point retrying or calling admin. User could upgrade device)
56853Mobile device management generally not supported (would save an admin call) Mobile device management generally not supported (would save an admin call)
56854Device is trying to renew but server rejects the request. Client might show notification for this if Robo fails. Check time on device (user can fix it by re-enrolling) Device is trying to renew but server rejects the request. Client might show notification for this if Robo fails. Check time on device (user can fix it by re-enrolling)
56855Account is in maintenance, retry later (user can retry later but might call admin because doesn't know when problem is solved) Account is in maintenance, retry later (user can retry later but might call admin because doesn't know when problem is solved)
56856License of user is in bad state blocking enrollment (user still needs to call admin) License of user is in bad state blocking enrollment (user still needs to call admin)
56857The server rejected the Enrollment Data, the server may not be configured correctly The server rejected the Enrollment Data, the server may not be configured correctly
56858The server asked to use HTTP from HTTPS, but the user didn't ok it The server asked to use HTTP from HTTPS, but the user didn't ok it
56859indicates trying to do an invalid operation on an enrollment, such as enrolling twice, or unenroll one that doesn't exist indicates trying to do an invalid operation on an enrollment, such as enrolling twice, or unenroll one that doesn't exist
56860Enrollment type isn't allowed on this SKU Enrollment type isn't allowed on this SKU
56861unknown client side error unknown client side error
56862Provisioning failed in CertificateStore CSP Provisioning failed in CertificateStore CSP
56863Provisioning failed in W7/DMAcc CSP Provisioning failed in W7/DMAcc CSP
56864Provisioning failed in DMClient CSP Provisioning failed in DMClient CSP
56865Provisioning failed in Passport for Work CSP Provisioning failed in Passport for Work CSP
56866Provisioning failed in a CSP not listed above Provisioning failed in a CSP not listed above
56867Provisioning failed, but a specific CSP is not indicated Provisioning failed, but a specific CSP is not indicated
56868the public cert was not found: a) when attempting to bind the public cert/private key or b) when looking into provisioning payload (perhaps targeting the wrong store) the public cert was not found: a) when attempting to bind the public cert/private key or b) when looking into provisioning payload (perhaps targeting the wrong store)
56869Provisioning failed in EnterpriseAppManagement CSP Provisioning failed in EnterpriseAppManagement CSP
56870MDM Management was blocked, such as via GP or SetManagedExternally() MDM Management was blocked, such as via GP or SetManagedExternally()
56871Failed to create the private key as requested Failed to create the private key as requested
57877?CCM_E_ITEMNOTFOUND? ?CCM_E_ITEMNOTFOUND?
57984CCM_E_EMPTY_CERT_STORE CCM_E_EMPTY_CERT_STORE
57985CCM_E_NO_CERT_MATCHING_CRITERIA CCM_E_NO_CERT_MATCHING_CRITERIA
57986More than one certificate found but 'select first cert' was not set More than one certificate found but 'select first cert' was not set
57987CCM_E_MISSING_PRIVATEKEY CCM_E_MISSING_PRIVATEKEY
57988CCM_E_MISSING_SUBJECT_NAME CCM_E_MISSING_SUBJECT_NAME
57989Valida search criteria verbs are 'Subject:', 'SubjectStr:' and 'SubjectAtr:' Valida search criteria verbs are 'Subject:', 'SubjectStr:' and 'SubjectAtr:'
57990CCM_E_INVALID_SMS_AUTHORITY CCM_E_INVALID_SMS_AUTHORITY
57991CCM_E_MISSING_SITE_SIGNING_CERT CCM_E_MISSING_SITE_SIGNING_CERT
57992Failures related to decompressing CIs/SDM packages Failures related to decompressing CIs/SDM packages
58000job contains no files, no action to perform job contains no files, no action to perform
58001Client doesn't have any assigned TS Client doesn't have any assigned TS
58002Client unable to compute Message Signature for InBand Auth Client unable to compute Message Signature for InBand Auth
58003Client unable to Refresh Site server signing certificate Client unable to Refresh Site server signing certificate
58004Client Unable to verify Policy Client Unable to verify Policy
58005Client Unable to find a valid Registration certificate Client Unable to find a valid Registration certificate
58006The client failed to process one or more CIs The client failed to process one or more CIs
58007CCM_E_INVALID_KEY CCM_E_INVALID_KEY
58008The client's database record could not be validated The client's database record could not be validated
58009The client does not recognize these type of signature (for delta download) The client does not recognize these type of signature (for delta download)
58010More client registration error More client registration error
58012The Client received a reset registration from Server The Client received a reset registration from Server
58013Client version is not compatible with the primary site version. Client version is not compatible with the primary site version.
58014CCM_E_HASH_MISMATCH CCM_E_HASH_MISMATCH
59648?CCM_E_CERTENROLL_SCEP_CERTREQUEST_PENDING? ?CCM_E_CERTENROLL_SCEP_CERTREQUEST_PENDING?
59649?CCM_E_CERTENROLL_SCEP_CERTREQUEST_UNEXPECTED? ?CCM_E_CERTENROLL_SCEP_CERTREQUEST_UNEXPECTED?
59650?CCM_E_CERTENROLL_SCEP_CERTREQUEST_FAILURE? ?CCM_E_CERTENROLL_SCEP_CERTREQUEST_FAILURE?
59651?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADALGORITHM? ?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADALGORITHM?
59652?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADMESSAGE? ?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADMESSAGE?
59653?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADTRANSACTION? ?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADTRANSACTION?
59654?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADSIGNINGTIME? ?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADSIGNINGTIME?
59655?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADCERTID? ?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADCERTID?
59656?CCM_E_CERTENROLL_SCEP_SERVERCERT_EMPTY? ?CCM_E_CERTENROLL_SCEP_SERVERCERT_EMPTY?
59657?CCM_E_CERTENROLL_SCEP_SERVERCAP_EMPTY? ?CCM_E_CERTENROLL_SCEP_SERVERCAP_EMPTY?
59664?CCM_E_CERTENROLL_SCEP_PKIOPRESPONSE_EMPTY? ?CCM_E_CERTENROLL_SCEP_PKIOPRESPONSE_EMPTY?
59665?CCM_E_CERTENROLL_SCEP_TPM_UNAVAILABLE? ?CCM_E_CERTENROLL_SCEP_TPM_UNAVAILABLE?
61440An attempt was made to perform an operation when initialization has not yet been completed. An attempt was made to perform an operation when initialization has not yet been completed.
61441The input XML is improperly formatted. The input XML is improperly formatted.
61442The object already exists. The object already exists.
61443A calculation resulted in an integer overflow. A calculation resulted in an integer overflow.
61444A calculation resulted in an integer underflow. A calculation resulted in an integer underflow.
61445An attempted rollback has failed. An attempted rollback has failed.
61446A failure happens when CSP runs outproc. A failure happens when CSP runs outproc.
61696The session has been aborted. The session has been aborted.
61698Authentication of the server failed. Authentication of the server failed.
61700The user has chosen to reject management actions. The user has chosen to reject management actions.
61701An action was performed on a node with an unexpected type. An action was performed on a node with an unexpected type.
61702The user has chosen to cancel management actions. The user has chosen to cancel management actions.
61703The management command has been bypassed. The management command has been bypassed.
61704A dialog has timed out while awaiting user acknowledgement. A dialog has timed out while awaiting user acknowledgement.
61705Text to be displayed is too large. Text to be displayed is too large.
61707The push message data has some parsing error. The push message data has some parsing error.
61709Previous keep alive message is still being processed and server send down new commands. Previous keep alive message is still being processed and server send down new commands.
61710Processing results that span multiple messages. Processing results that span multiple messages.
61711Cannot find NGC Key to install the certificate to. Cannot find NGC Key to install the certificate to.
61952The OMA-DM server replied with a Status code value indicating an error for the client's SyncHdr The OMA-DM server replied with a Status code value indicating an error for the client's SyncHdr
61953The session has been aborted because a 407 response was received. The session has been aborted because a 407 response was received.
61954The session has been aborted due to user cancellation. The session has been aborted due to user cancellation.
61956The session has been aborted because the device is in roaming state and DM is not allowed in this case. The session has been aborted because the device is in roaming state and DM is not allowed in this case.
61957The session has been aborted because the HMAC provided by server didn't match with the message body. The session has been aborted because the HMAC provided by server didn't match with the message body.
61958The session has been aborted because the account is being deleted. The session has been aborted because the account is being deleted.
61959The session has been aborted because no more retry allowed. The session has been aborted because no more retry allowed.
61960The session has been aborted because zero-byte data response was received. The session has been aborted because zero-byte data response was received.
61961No more sync session allowed. No more sync session allowed.
61962The SSLCertCriteria is not valid. The SSLCertCriteria is not valid.
62097The session has been aborted because a 401 response was received. The session has been aborted because a 401 response was received.
62099The session has been aborted because a 403 response was received. The session has been aborted because a 403 response was received.
62100The session has been aborted because a 404 response was received. The session has been aborted because a 404 response was received.
62109The session has been aborted because a 413 response was received. The session has been aborted because a 413 response was received.
62208The current object is not ready for use. The current object is not ready for use.
62209Stream is not ready for use. Stream is not ready for use.
62210Data . Data .
62211Compression corrupted. Compression corrupted.
62212Name is not a valid filename. Name is not a valid filename.
62213There is no file by the specified name. There is no file by the specified name.
62214Uninstall file not found. Uninstall file not found.
62215File is unexpectedly readonly. File is unexpectedly readonly.
62216Zip archive is invalid. Zip archive is invalid.
62217Unsupported compression method Unsupported compression method
62219Invalid stream. Invalid stream.
62220Format is not supported. Format is not supported.
62221Invalid zip item. Invalid zip item.
62223Cannot load zlib dll. Cannot load zlib dll.
62224Cannot find expected exported method. Cannot find expected exported method.

EXIF

File Name:certutil.exe.mui
Directory:%WINDIR%\WinSxS\amd64_microsoft-windows-certutil.resources_31bf3856ad364e35_10.0.15063.0_en-us_e136a61557009451\
File Size:172 kB
File Permissions:rw-rw-rw-
File Type:Win32 DLL
File Type Extension:dll
MIME Type:application/octet-stream
Machine Type:Intel 386 or later, and compatibles
Time Stamp:0000:00:00 00:00:00
PE Type:PE32
Linker Version:14.10
Code Size:0
Initialized Data Size:175616
Uninitialized Data Size:0
Entry Point:0x0000
OS Version:10.0
Image Version:10.0
Subsystem Version:6.0
Subsystem:Windows GUI
File Version Number:10.0.15063.0
Product Version Number:10.0.15063.0
File Flags Mask:0x003f
File Flags:(none)
File OS:Windows NT 32-bit
Object File Type:Executable application
File Subtype:0
Language Code:English (U.S.)
Character Set:Unicode
Company Name:Microsoft Corporation
File Description:CertUtil.exe
File Version:10.0.15063.0 (WinBuild.160101.0800)
Internal Name:CertUtil.exe
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original File Name:CertUtil.exe.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Directory:%WINDIR%\WinSxS\x86_microsoft-windows-certutil.resources_31bf3856ad364e35_10.0.15063.0_en-us_85180a919ea3231b\

What is certutil.exe.mui?

certutil.exe.mui is Multilingual User Interface resource file that contain English (U.S.) language for file certutil.exe (CertUtil.exe).

File version info

File Description:CertUtil.exe
File Version:10.0.15063.0 (WinBuild.160101.0800)
Company Name:Microsoft Corporation
Internal Name:CertUtil.exe
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original Filename:CertUtil.exe.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Translation:0x409, 1200