certutil.exe CertUtil.exe - cab26 - MUI - File Info. All about files.

File info

File name:	certutil.exe.mui
Size:	176128 byte
MD5:	f2436cfb0e297f660b4809068ffcab26
SHA1:	9566074b821608ea05fa4cd50ef6b2babcc3a59e
SHA256:	d81b828ecd9c91dc5c7495e095967ad23f6e0ed8b17505e698c095de200f9f83
Operating systems:	Windows 10
Extension:	MUI
In x64:	certutil.exe CertUtil.exe (32-bit)

Translations messages and strings

If an error occurred or the following message in English (U.S.) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.

id	English (U.S.)	English
211	PKCS #7 (.p7b)\|.p7b\|X.509 Certificate (.cer;.crt)\|.cer;.crt\|Personal Information Exchange (.p12, .pfx)\|.pfx\|All Files (.)\|.*\|\|	PKCS #7 (.p7b)\|.p7b\|X.509 Certificate (.cer;.crt)\|.cer;.crt\|Personal Information Exchange (.p12, .pfx)\|.pfx\|All Files (.)\|.*\|\|
212	Select file to complete CA installation	Select file to complete CA installation
213	Unknown provider name	Unknown provider name
214	Cannot find the certificate for %1 to build a certificate chain. Do you wish to install this certificate now?	Cannot find the certificate for %1 to build a certificate chain. Do you wish to install this certificate now?
215	Cannot verify certificate chain. Do you wish to ignore the error and continue?	Cannot verify certificate chain. Do you wish to ignore the error and continue?
216	An error occurred retrieving the pending certificate from %1:	An error occurred retrieving the pending certificate from %1:
217	Get Server CA Name	Get Server CA Name
218	Select CA	Select CA
230	Save certificate and Keys	Save certificate and Keys
231	Retrieve Certificate	Retrieve Certificate
232	Finish Suspended Setup	Finish Suspended Setup
233	The certificate is not a CA certificate.	The certificate is not a CA certificate.
234	Setup complete	Setup complete
235	Retrieve Pending Certificate	Retrieve Pending Certificate
236	Key Index	Key Index
237	Load Old Certificate	Load Old Certificate
238	Clone Root Certificate	Clone Root Certificate
239	Build Request	Build Request
240	Renew CA -- reuse keys	Renew CA -- reuse keys
241	Install CA Certificate	Install CA Certificate
242	Renew CA -- new keys	Renew CA -- new keys
243	Build CA Certificate	Build CA Certificate
244	Save Chain and Keys	Save Chain and Keys
245	If you want to send the request to an offline CA, click Cancel and send the request file at %1 to your parent CA.	If you want to send the request to an offline CA, click Cancel and send the request file at %1 to your parent CA.
246	Create DS CDP object	Create DS CDP object
247	Create DS enrollment services object	Create DS enrollment services object
248	Create DS Root Trust	Create DS Root Trust
249	Publish CA in DS	Publish CA in DS
250	Submit Request	Submit Request
251	An error occurred when creating the new key container "%1". Please make sure the CSP is installed correctly or select another CSP.	An error occurred when creating the new key container "%1". Please make sure the CSP is installed correctly or select another CSP.
252	The Certification Authority certificate has a bad length:	The Certification Authority certificate has a bad length:
253	The new Certification Authority certificate cannot be installed because the CA Version extension is incorrect. The most recently generated request file should be used to obtain the new certificate: %1	The new Certification Authority certificate cannot be installed because the CA Version extension is incorrect. The most recently generated request file should be used to obtain the new certificate: %1
254	The root certificate is untrusted. Do you wish to trust the root certificate on this machine and complete the installation?	The root certificate is untrusted. Do you wish to trust the root certificate on this machine and complete the installation?
255	Cannot add the Certification Authority certificate to the certificate store:	Cannot add the Certification Authority certificate to the certificate store:
256	Cannot create a certificate context using the Certification Authority certificate:	Cannot create a certificate context using the Certification Authority certificate:
257	Unreferenced INF sections	Unreferenced INF sections
258	Set Security	Set Security
259	Cannot create file %1:	Cannot create file %1:
260	The existing private key "%1" cannot be deleted. Either reuse this key, or use a different name for the CA.	The existing private key "%1" cannot be deleted. Either reuse this key, or use a different name for the CA.
261	Cannot encode key attributes:	Cannot encode key attributes:
262	Cannot encode certificate:	Cannot encode certificate:
263	The %SystemRoot% environment variable is not set.	The %SystemRoot% environment variable is not set.
264	This key storage device is full and the new key "%1" could not be added. Go back and pick an existing key, or use a different key storage device.	This key storage device is full and the new key "%1" could not be added. Go back and pick an existing key, or use a different key storage device.
265	An error occurred when generating key "%1" for the Active Directory Certificate Services service. Either the CSP configuration is not complete or the key length is not supported. Please make sure the CSP is installed correctly or select another CSP.	An error occurred when generating key "%1" for the Active Directory Certificate Services service. Either the CSP configuration is not complete or the key length is not supported. Please make sure the CSP is installed correctly or select another CSP.
266	Cannot determine the computer name:	Cannot determine the computer name:
267	An error occurred when setting the security access on the private key "%1", or the CSP selected does not support setting security access on private keys. Please make sure the CSP is installed correctly or select another CSP.	An error occurred when setting the security access on the private key "%1", or the CSP selected does not support setting security access on private keys. Please make sure the CSP is installed correctly or select another CSP.
268	Cannot decode Certification Authority name information:	Cannot decode Certification Authority name information:
269	The parent CA has denied your request because you are not a domain administrator. (%1) To obtain the certificate for your CA, you must request the certificate as a domain administrator. You can install the certificate using the Certification Authority snap-in.	The parent CA has denied your request because you are not a domain administrator. (%1) To obtain the certificate for your CA, you must request the certificate as a domain administrator. You can install the certificate using the Certification Authority snap-in.
270	The new certificate subject Common Name does not match the active CA name:	The new certificate subject Common Name does not match the active CA name:
271	Generate Keys	Generate Keys
272	An error was detected while configuring Active Directory Certificate Services. The Active Directory Certificate Services Setup Wizard will need to be rerun to complete the configuration.	An error was detected while configuring Active Directory Certificate Services. The Active Directory Certificate Services Setup Wizard will need to be rerun to complete the configuration.
273	The parent CA has denied your request for a CA certificate. Please contact the parent CA administrator. (%1)	The parent CA has denied your request for a CA certificate. Please contact the parent CA administrator. (%1)
274	An error occurred when the parent CA processed this CA certificate request. Please contact the parent CA administrator. (%1)	An error occurred when the parent CA processed this CA certificate request. Please contact the parent CA administrator. (%1)
275	This CA certificate request did not complete. Please contact the parent CA administrator. (%1)	This CA certificate request did not complete. Please contact the parent CA administrator. (%1)
276	This CA certificate will be issued administratively. Please contact the parent CA administrator. (%1)	This CA certificate will be issued administratively. Please contact the parent CA administrator. (%1)
277	This CA certificate request is in the pending state. Please contact the parent CA administrator. (%1)	This CA certificate request is in the pending state. Please contact the parent CA administrator. (%1)
278	This CA certificate was revoked by the parent CA. Please contact the parent CA administrator. (%1)	This CA certificate was revoked by the parent CA. Please contact the parent CA administrator. (%1)
279	Cannot set the key provider information for the certificate context:	Cannot set the key provider information for the certificate context:
280	Cannot submit the certificate request to the specified CA. Please ensure that the CA information is correct and that the CA is online. Note: only CAs running the Microsoft Active Directory Certificate Services are supported.	Cannot submit the certificate request to the specified CA. Please ensure that the CA information is correct and that the CA is online. Note: only CAs running the Microsoft Active Directory Certificate Services are supported.
281	Cannot submit the certificate request to the specified CA. (%1) To obtain the certificate for your CA, you can install the certificate using the Certification Authority snap-in.	Cannot submit the certificate request to the specified CA. (%1) To obtain the certificate for your CA, you can install the certificate using the Certification Authority snap-in.
282	The new certificate subject name does not exactly match the active CA name. Renew with a new key to allow minor subject name changes:	The new certificate subject name does not exactly match the active CA name. Renew with a new key to allow minor subject name changes:
283	The new certificate public key does not match the current outstanding request. The wrong request may have been used to generate the new certificate:	The new certificate public key does not match the current outstanding request. The wrong request may have been used to generate the new certificate:
284	Find certificate for %1	Find certificate for %1
285	Cannot write the Certification Authority certificate to file "%1":	Cannot write the Certification Authority certificate to file "%1":
286	Cannot write to file %1:	Cannot write to file %1:
287	INF file error	INF file error
288	Set Key Security	Set Key Security
289	Parent CA =	Parent CA =
290	Request ID =	Request ID =
291	Microsoft Active Directory Certificate Services	Microsoft Active Directory Certificate Services
292	Set Directory Security	Set Directory Security
299	An error occurred when creating the new key container "%1". You do not have write access permission to the key container. Please use a different CA name.	An error occurred when creating the new key container "%1". You do not have write access permission to the key container. Please use a different CA name.
301	Dump configuration information or file	Dump configuration information or file
302	Get default configuration string	Get default configuration string
303	Get default configuration string via ICertGetConfig	Get default configuration string via ICertGetConfig
304	CA Version	CA Version
305	Decode hexadecimal-encoded file	Decode hexadecimal-encoded file
306	Decode Base64-encoded file	Decode Base64-encoded file
307	Encode file to Base64	Encode file to Base64
308	Deny pending request	Deny pending request
309	Resubmit pending request	Resubmit pending request
310	Revoke Certificate	Revoke Certificate
311	Publish new CRLs [or delta CRLs only]	Publish new CRLs [or delta CRLs only]
312	Get CRL	Get CRL
313	Display current certificate disposition	Display current certificate disposition
314	Set attributes for pending request	Set attributes for pending request
315	Set extension for pending request	Set extension for pending request
316	Retrieve the CA's certificate	Retrieve the CA's certificate
317	Retrieve the CA's certificate chain	Retrieve the CA's certificate chain
318	UserKeyAndCertFile [CertId]	UserKeyAndCertFile [CertId]
319	Import user keys and certificates into server database for key archival	Import user keys and certificates into server database for key archival
320	Dump Raw Database	Dump Raw Database
321	Verify public/private key set	Verify public/private key set
322	Verify certificate, CRL or chain	Verify certificate, CRL or chain
323	Check certificate for 0x7f length encodings	Check certificate for 0x7f length encodings
324	Display this usage message	Display this usage message
325	Verbose operation	Verbose operation
326	Use IDispatch instead of COM native methods	Use IDispatch instead of COM native methods
327	Reverse Log and Queue columns	Reverse Log and Queue columns
328	Options:	Options:
329	Unrecognized Reason	Unrecognized Reason
330	InFile OutFile	InFile OutFile
331	Column Name Localized Name Type MaxLength	Column Name Localized Name Type MaxLength
332	---------------------------- ---------------------------- ------ ---------	---------------------------- ---------------------------- ------ ---------
333	RequestId	RequestId
335	SerialNumber [Reason]	SerialNumber [Reason]
336	[%3 \| %1] [%2]	[%3 \| %1] [%2]
337	OutFile [Index] [%1]	OutFile [Index] [%1]
338	SerialNumber \| CertHash	SerialNumber \| CertHash
339	RequestId AttributeString	RequestId AttributeString
340	RequestId ExtensionName Flags {Long \| Date \| String \| @InFile}	RequestId ExtensionName Flags {Long \| Date \| String \| @InFile}
341	OutCACertFile [Index]	OutCACertFile [Index]
342	OutCACertChainFile [Index]	OutCACertChainFile [Index]
343	[KeyContainerName CACertFile]	[KeyContainerName CACertFile]
344	CertFile [ApplicationPolicyList \| - [IssuancePolicyList]] [Modifiers] CertFile [CACertFile [CrossedCACertFile]] CRLFile CACertFile [IssuedCertFile] CRLFile CACertFile [DeltaCRLFile]	CertFile [ApplicationPolicyList \| - [IssuancePolicyList]] [Modifiers] CertFile [CACertFile [CrossedCACertFile]] CRLFile CACertFile [IssuedCertFile] CRLFile CACertFile [DeltaCRLFile]
345	CertFile	CertFile
346	Out of memory	Out of memory
347	Missing %ws arg	Missing %ws arg
348	Unknown arg: %ws	Unknown arg: %ws
349	Multiple verb args: %ws	Multiple verb args: %ws
350	Missing argument	Missing argument
351	Too many arguments	Too many arguments
352	Internal verb table error	Internal verb table error
353	Unexpected "-%ws" option	Unexpected "-%ws" option
354	Usage:	Usage:
355	Options	Options
356	Verbs:	Verbs:
357	ObjectId -- ObjectId to display or to add display name GroupId -- decimal GroupId number for ObjectIds to enumerate AlgId -- hexadecimal AlgId for ObjectId to look up AlgorithmName -- Algorithm Name for ObjectId to look up DisplayName -- Display Name to store in DS %1 -- delete display name LanguageId -- Language Id (defaults to current: %2) Type -- DS object type to create: 1 for Template (default), 2 for Issuance Policy, 3 for Application Policy Use %3 to create DS object.	ObjectId -- ObjectId to display or to add display name GroupId -- decimal GroupId number for ObjectIds to enumerate AlgId -- hexadecimal AlgId for ObjectId to look up AlgorithmName -- Algorithm Name for ObjectId to look up DisplayName -- Display Name to store in DS %1 -- delete display name LanguageId -- Language Id (defaults to current: %2) Type -- DS object type to create: 1 for Template (default), 2 for Issuance Policy, 3 for Application Policy Use %3 to create DS object.
358	-- Indexed	-- Indexed
359	Input Length = %d	Input Length = %d
360	No Key Authority serial number	No Key Authority serial number
361	Output Length = %d	Output Length = %d
362	DecodeFile returned %ws	DecodeFile returned %ws
363	EncodeToFile returned %ws	EncodeToFile returned %ws
364	Issuer	Issuer
365	Subject	Subject
366	ERROR: CA Issuer name does not match Key Authority name (%x)	ERROR: CA Issuer name does not match Key Authority name (%x)
367	CA Issuer name matches Key Authority name	CA Issuer name matches Key Authority name
368	No Key Authority name	No Key Authority name
369	ERROR: Issuer serial number does not match Key Authority	ERROR: Issuer serial number does not match Key Authority
370	Issuer serial number matches Key Authority	Issuer serial number matches Key Authority
371	Issuer Name	Issuer Name
372	KeyAuthority Name	KeyAuthority Name
373	KeyId:	KeyId:
374	Key Authority SerialNumber:	Key Authority SerialNumber:
375	CA Serial Number:	CA Serial Number:
376	Process:	Process:
377	[DomainDN \| -]	[DomainDN \| -]
378	LoadKeys returned %ws	LoadKeys returned %ws
379	LoadCert returned %ws	LoadCert returned %ws
380	ERROR: Certificate public key does NOT match stored keyset	ERROR: Certificate public key does NOT match stored keyset
381	Container Public Key:	Container Public Key:
382	Certificate Public Key:	Certificate Public Key:
383	Key "%ws" verifies as the public key for Certificate "%ws"	Key "%ws" verifies as the public key for Certificate "%ws"
384	Key "%ws" does NOT verify as the public key for Certificate "%ws"	Key "%ws" does NOT verify as the public key for Certificate "%ws"
385	Leaf certificate is REVOKED (Reason=%x)	Leaf certificate is REVOKED (Reason=%x)
386	ERROR: Verifying leaf certificate revocation status returned %ws	ERROR: Verifying leaf certificate revocation status returned %ws
387	Cannot check leaf certificate revocation status	Cannot check leaf certificate revocation status
388	Leaf certificate revocation check passed	Leaf certificate revocation check passed
389	LoadCert(Cert) returned %ws	LoadCert(Cert) returned %ws
390	LoadCert(CA) returned %ws	LoadCert(CA) returned %ws
391	Cert	Cert
392	Issuing CA Cert	Issuing CA Cert
393	Cert Serial Number:	Cert Serial Number:
394	Issuing CA Cert Serial Number:	Issuing CA Cert Serial Number:
395	Issuing CA is not a root: Subject name does not match Issuer	Issuing CA is not a root: Subject name does not match Issuer
396	ERROR: Issuing CA Subject name does not match Cert Issuer	ERROR: Issuing CA Subject name does not match Cert Issuer
397	Issuing CA Subject name matches Cert Issuer	Issuing CA Subject name matches Cert Issuer
398	CertVerifySubjectCertificateContext Flags = %x --	CertVerifySubjectCertificateContext Flags = %x --
399	ERROR: Certificate validation failure: %x	ERROR: Certificate validation failure: %x
400	ERROR: CA did not issue Certificate: Signature check failed	ERROR: CA did not issue Certificate: Signature check failed
401	ERROR: Certificate has expired	ERROR: Certificate has expired
402	Certificate is current	Certificate is current
403	Contains CRL_DIST_POINTS revocation-check extension	Contains CRL_DIST_POINTS revocation-check extension
404	Contains NETSCAPE_REVOCATION_URL revocation-check extension	Contains NETSCAPE_REVOCATION_URL revocation-check extension
405	Certificate has no revocation-check extension	Certificate has no revocation-check extension
406	%ws verifies as issued by %ws	%ws verifies as issued by %ws
407	%ws does NOT verify (issued by %ws)	%ws does NOT verify (issued by %ws)
408	-- Revocation check skipped.	-- Revocation check skipped.
409	-- Revocation check passed.	-- Revocation check passed.
410	-- Revocation check: REVOKED.	-- Revocation check: REVOKED.
411	-- Revocation check FAILED.	-- Revocation check FAILED.
412	Signature matches Public Key	Signature matches Public Key
413	CRL Entries:	CRL Entries:
414	Cert:	Cert:
415	???	???
416	Suspect length in	Suspect length in
417	: field=%ws	: field=%ws
418	, oid=%ws	, oid=%ws
419	Extension %d: oid="%hs" fcrit=%u length=%x	Extension %d: oid="%hs" fcrit=%u length=%x
420	Signature does not match Public key: %x	Signature does not match Public key: %x
421	Cannot decode object: %ws	Cannot decode object: %ws
422	Algorithm ObjectId	Algorithm ObjectId
423	Algorithm Parameters:	Algorithm Parameters:
424	NULL	NULL
425	Public Key: UnusedBits = %u	Public Key: UnusedBits = %u
426	ChallengeString: "%ws"	ChallengeString: "%ws"
427	Config String: "%ws"	Config String: "%ws"
428	ICertGetConfig Config String: "%ws"	ICertGetConfig Config String: "%ws"
429	Certificate request is pending: RequestId: %u	Certificate request is pending: RequestId: %u
430	Certificate issued.	Certificate issued.
431	Certificate has not been issued: Disposition: %d -- %ws	Certificate has not been issued: Disposition: %d -- %ws
432	Certificate disposition for "%ws" is invalid	Certificate disposition for "%ws" is invalid
433	Certificate disposition for "%ws" is valid	Certificate disposition for "%ws" is valid
434	Certificate disposition for "%ws" is revoked (%ws)	Certificate disposition for "%ws" is revoked (%ws)
435	Date	Date
436	Long	Long
437	String	String
438	Binary	Binary
439	Schema:	Schema:
440	Row %u:	Row %u:
441	Opening Database %ws	Opening Database %ws
442	EMPTY	EMPTY
443	error = %ws	error = %ws
444	,	,
445	Any Format	Any Format
446	PKCS10	PKCS10
447	KeyGen Tag	KeyGen Tag
448	PKCS7	PKCS7
449	Unknown	Unknown
450	Force Teletex	Force Teletex
451	Renewal	Renewal
452	Critical	Critical
453	Disabled	Disabled
454	PolicyFlags=%x	PolicyFlags=%x
455	Request	Request
456	Policy	Policy
457	Admin	Admin
458	Server	Server
459	UNKNOWN	UNKNOWN
460	Origin=%ws	Origin=%ws
461	???=%x	???=%x
462	Get configuration via ICertConfig	Get configuration via ICertConfig
463	Request Properties:	Request Properties:
464	Certificate Properties:	Certificate Properties:
465	Command Line	Command Line
466	Sanitized Name:	Sanitized Name:
467	%ws: Flags = %x%ws, Length = %x	%ws: Flags = %x%ws, Length = %x
468	Expected at least %u args, received %u	Expected at least %u args, received %u
469	Expected no more than %u args, received %u	Expected no more than %u args, received %u
470	No active Certification Authorities found: %ws	No active Certification Authorities found: %ws
471	%ws: -%ws command FAILED: %ws	%ws: -%ws command FAILED: %ws
473	None	None
474	Other	Other
476	IssuerRDN	IssuerRDN
477	IssuerRDNAttribute	IssuerRDNAttribute
478	IssuerRDNString	IssuerRDNString
480	SubjectRDN	SubjectRDN
481	SubjectRDNAttribute	SubjectRDNAttribute
482	SubjectRDNString	SubjectRDNString
483	Extensions	Extensions
484	ExtensionArray	ExtensionArray
485	Extension	Extension
486	ExtensionValue	ExtensionValue
487	ExtensionValueRaw	ExtensionValueRaw
488	No key provider information	No key provider information
489	Dump Certificate View	Dump Certificate View
490	%ws added to DS store.	%ws added to DS store.
491	Ping Active Directory Certificate Services Request interface	Ping Active Directory Certificate Services Request interface
492	Ping Active Directory Certificate Services Admin interface	Ping Active Directory Certificate Services Admin interface
493	Name:	Name:
494	Organizational Unit:	Organizational Unit:
495	Organization:	Organization:
496	Locality:	Locality:
497	State:	State:
498	Country/region:	Country/region:
499	Config:	Config:
500	Exchange Certificate:	Exchange Certificate:
501	Signature Certificate:	Signature Certificate:
502	Description:	Description:
503	Server:	Server:
504	Authority:	Authority:
505	Entry	Entry
506	Certificate Extensions:	Certificate Extensions:
507	Request Attributes:	Request Attributes:
508	Shutdown Active Directory Certificate Services	Shutdown Active Directory Certificate Services
509	Command Status	Command Status
510	Dump Certificate Schema	Dump Certificate Schema
511	Command Succeeded	Command Succeeded
512	Password	Password
513	X509 Certificate:	X509 Certificate:
514	X509 Certificate Revocation List:	X509 Certificate Revocation List:
515	PKCS10 Certificate Request:	PKCS10 Certificate Request:
516	KeyGen Certificate Request:	KeyGen Certificate Request:
517	Version: %u	Version: %u
518	Serial Number:	Serial Number:
519	Signature Algorithm:	Signature Algorithm:
520	Public Key Algorithm:	Public Key Algorithm:
521	Issuer Unique Id:	Issuer Unique Id:
522	Subject Unique Id:	Subject Unique Id:
523	NotBefore:	NotBefore:
524	NotAfter:	NotAfter:
525	ThisUpdate:	ThisUpdate:
526	NextUpdate:	NextUpdate:
527	Revocation Date:	Revocation Date:
528	Extensions:	Extensions:
529	CRL Extensions:	CRL Extensions:
530	PKCS7 Message:	PKCS7 Message:
531	Possible Root Certificate: Subject matches Issuer, but Signature check fails: %x	Possible Root Certificate: Subject matches Issuer, but Signature check fails: %x
532	Non-root Certificate	Non-root Certificate
533	Root Certificate: Subject matches Issuer	Root Certificate: Subject matches Issuer
534	Non-root Certificate uses same Public Key as Issuer	Non-root Certificate uses same Public Key as Issuer
535	Revoking "%ws"	Revoking "%ws"
536	Enter PFX password:	Enter PFX password:
537	No built-in formatting support	No built-in formatting support
538	Private Key:	Private Key:
539	Length	Length
540	Display times as GMT	Display times as GMT
541	GMT	GMT
542	BackupDirectory	BackupDirectory
543	Backup Active Directory Certificate Services certificate and private key	Backup Active Directory Certificate Services certificate and private key
544	BackupDirectory \| PFXFile	BackupDirectory \| PFXFile
545	Restore Active Directory Certificate Services certificate and private key	Restore Active Directory Certificate Services certificate and private key
546	[CertificateStoreName [CertId [OutputFile]]]	[CertificateStoreName [CertId [OutputFile]]]
547	Dump certificate store	Dump certificate store
548	ProviderType = %x	ProviderType = %x
549	Key Container = %ws	Key Container = %ws
550	Provider = %ws	Provider = %ws
551	KeySpec = %x	KeySpec = %x
552	Flags	Flags
553	Restored keys and certificates for %ws\%ws from %ws.	Restored keys and certificates for %ws\%ws from %ws.
554	Backed up keys and certificates for %ws\%ws to %ws.	Backed up keys and certificates for %ws\%ws to %ws.
555	[CACertFile]	[CACertFile]
556	Install Certification Authority certificate	Install Certification Authority certificate
557	PKCS7 Message Content:	PKCS7 Message Content:
558	Authenticated Attributes	Authenticated Attributes
559	Signing Certificate Index	Signing Certificate Index
560	================ Begin Nesting Level %d ================	================ Begin Nesting Level %d ================
561	---------------- End Nesting Level %d ----------------	---------------- End Nesting Level %d ----------------
562	%ws: Lang %08x (%u.%u)	%ws: Lang %08x (%u.%u)
563	File %u.%u:%u.%u	File %u.%u:%u.%u
564	Product %u.%u:%u.%u	Product %u.%u:%u.%u
565	No Signer	No Signer
566	No PKCS7 Message Content	No PKCS7 Message Content
567	No Certificates	No Certificates
568	No CRLs	No CRLs
569	Certificates:	Certificates:
570	CRLs:	CRLs:
571	Renewal Certificate:	Renewal Certificate:
572	Encrypted Hash:	Encrypted Hash:
573	%d attributes:	%d attributes:
574	Attribute	Attribute
575	Value[%d][%d], Length = %x	Value[%d][%d], Length = %x
576	BackupDirectory [%1] [%2]	BackupDirectory [%1] [%2]
577	Backup Active Directory Certificate Services database	Backup Active Directory Certificate Services database
579	Restore Active Directory Certificate Services database	Restore Active Directory Certificate Services database
580	Reason: Unspecified	Reason: Unspecified
581	Reason: Key Compromise	Reason: Key Compromise
582	Reason: CA Compromise	Reason: CA Compromise
583	Reason: Affiliation Changed	Reason: Affiliation Changed
584	Reason: Superseded	Reason: Superseded
585	Reason: Cessation of Operation	Reason: Cessation of Operation
586	Reason: Certificate Hold	Reason: Certificate Hold
587	Reason: Remove From CRL	Reason: Remove From CRL
588	List CSPs installed on this machine	List CSPs installed on this machine
589	Test CSPs installed on this machine	Test CSPs installed on this machine
590	[Algorithm]	[Algorithm]
591	Use silent flag to acquire crypt context	Use silent flag to acquire crypt context
592	%1 -- Request queue %2 -- Issued or revoked certificates, plus failed requests %3 -- Failed requests %4 -- Revoked certificates %5 -- Extension table %6 -- Attribute table %7 -- CRL table %8 -- Output as Comma Separated Values To display the StatusCode column for all entries: -out StatusCode To display all columns for the last entry: -restrict "RequestId==$" To display RequestId and Disposition for three requests: -restrict "RequestId=37,RequestId	%1 -- Request queue %2 -- Issued or revoked certificates, plus failed requests %3 -- Failed requests %4 -- Revoked certificates %5 -- Extension table %6 -- Attribute table %7 -- CRL table %8 -- Output as Comma Separated Values To display the StatusCode column for all entries: -out StatusCode To display all columns for the last entry: -restrict "RequestId==$" To display RequestId and Disposition for three requests: -restrict "RequestId=37,RequestId
593	[ObjectId \| %1 \| %2 [CommonName]]	[ObjectId \| %1 \| %2 [CommonName]]
594	Active	Active
595	Pending	Pending
596	Issued	Issued
597	Revoked	Revoked
598	Error	Error
599	Denied	Denied
600	Renewal Cert	Renewal Cert
601	Stop and Start Active Directory Certificate Services to complete database restore from %ws.	Stop and Start Active Directory Certificate Services to complete database restore from %ws.
602	Server ICertAdmin%ws interface is alive	Server ICertAdmin%ws interface is alive
603	Cannot open Active Directory Certificate Services database: %ws.	Cannot open Active Directory Certificate Services database: %ws.
604	The Certification Authority service must be stopped for direct database access.	The Certification Authority service must be stopped for direct database access.
605	(Local)	(Local)
606	%ws: No local Certification Authority; use -config option	%ws: No local Certification Authority; use -config option
607	Reason: Unrevoke	Reason: Unrevoke
608	This might be caused by: Inaccessible server No permissions on server Server not in the expected state	This might be caused by: Inaccessible server No permissions on server Server not in the expected state
609	Dump PFX structure	Dump PFX structure
610	Server "%ws" ICertRequest%ws interface is alive %ws	Server "%ws" ICertRequest%ws interface is alive %ws
611	Connecting to %ws ...	Connecting to %ws ...
612	Use HKEY_CURRENT_USER keys or certificate store	Use HKEY_CURRENT_USER keys or certificate store
613	================ Certificate %d ================	================ Certificate %d ================
614	Enter new password:	Enter new password:
615	Confirm new password:	Confirm new password:
616	Password differs -- please try again	Password differs -- please try again
617	Missing stored keyset	Missing stored keyset
619	Backup Active Directory Certificate Services	Backup Active Directory Certificate Services
621	Restore Active Directory Certificate Services	Restore Active Directory Certificate Services
622	CertificateStoreName InFile	CertificateStoreName InFile
623	Add certificate to store	Add certificate to store
624	CertificateStoreName CertId	CertificateStoreName CertId
625	Delete certificate from store	Delete certificate from store
626	CertificateStoreName [CertId]	CertificateStoreName [CertId]
627	Verify certificate in store	Verify certificate in store
628	Deleting Certificate %d: %ws	Deleting Certificate %d: %ws
629	Verifies against UNTRUSTED root	Verifies against UNTRUSTED root
630	Incomplete certificate chain	Incomplete certificate chain
631	Certificate is valid	Certificate is valid
632	Incomplete	Incomplete
636	Issued Out of Band	Issued Out of Band
639	Certificate request for "%ws" is pending	Certificate request for "%ws" is pending
640	Cannot add a non-root certificate to the root store	Cannot add a non-root certificate to the root store
641	Force overwrite	Force overwrite
642	Certificate or key exists. Use the "%ws" option to overwrite.	Certificate or key exists. Use the "%ws" option to overwrite.
643	Incremental database backup for %ws.	Incremental database backup for %ws.
644	Full database backup for %ws.	Full database backup for %ws.
645	Backed up database to %ws.	Backed up database to %ws.
646	Database logs were preserved.	Database logs were preserved.
647	Database logs successfully truncated.	Database logs successfully truncated.
648	Restoring database for %ws.	Restoring database for %ws.
649	File	File
650	ObjectId [DisplayName \| %1 [LanguageId [Type]]] GroupId AlgId \| AlgorithmName [GroupId]	ObjectId [DisplayName \| %1 [LanguageId [Type]]] GroupId AlgId \| AlgorithmName [GroupId]
651	Display ObjectId or set display name	Display ObjectId or set display name
652	Unknown ObjectId	Unknown ObjectId
653	Certfile [%1]	Certfile [%1]
654	Import a certificate file into the database	Import a certificate file into the database
655	Imported Certificate, Assigned RequestId %i.	Imported Certificate, Assigned RequestId %i.
656	Revocation check skipped -- server offline	Revocation check skipped -- server offline
657	Revocation check skipped -- no revocation information available	Revocation check skipped -- no revocation information available
658	Display dynamic file List	Display dynamic file List
659	[{%1\|%2\|%3\|%4\|%5\|%6\|%7\|%8}\[%9\]][RegistryValueName]	[{%1\|%2\|%3\|%4\|%5\|%6\|%7\|%8}\[%9\]][RegistryValueName]
660	Display registry value	Display registry value
661	[{%1\|%2\|%3\|%4\|%5\|%6\|%7\|%8}\[%9\]]RegistryValueName Value	[{%1\|%2\|%3\|%4\|%5\|%6\|%7\|%8}\[%9\]]RegistryValueName Value
662	Set registry value	Set registry value
663	Old Value:	Old Value:
664	New Value:	New Value:
665	AltName: %u entries:	AltName: %u entries:
666	AltName	AltName
667	Display database locations	Display database locations
668	Not a valid backup target directory: %ws.	Not a valid backup target directory: %ws.
669	Not a valid backup directory: %ws.	Not a valid backup directory: %ws.
670	Backup content verification failed: %ws.	Backup content verification failed: %ws.
671	Incremental database restore for %ws.	Incremental database restore for %ws.
672	Full database restore for %ws.	Full database restore for %ws.
673	Imported Cert	Imported Cert
674	ERROR: Cert is not yet valid	ERROR: Cert is not yet valid
675	ERROR: Cert has expired	ERROR: Cert has expired
676	ERROR: Cert Valid before issuing CA Cert Valid	ERROR: Cert Valid before issuing CA Cert Valid
677	ERROR: Cert Expires after issuing CA Cert Expires	ERROR: Cert Expires after issuing CA Cert Expires
678	Decoded extra Extension Array encoding layer (Teletex string)	Decoded extra Extension Array encoding layer (Teletex string)
679	ErrorCode	ErrorCode
680	Display error code message text	Display error code message text
681	Create/delete web virtual roots and file shares	Create/delete web virtual roots and file shares
682	Web Virtual Root %ws	Web Virtual Root %ws
683	File Share %ws	File Share %ws
684	Created	Created
685	Deleted	Deleted
686	Already Exists	Already Exists
687	Not Found	Not Found
688	Create Error	Create Error
689	Delete Error	Delete Error
690	Not Supported. The virtual directory cannot be created because the "IIS 6 Metabase Compatibility" role service is not installed. Install the "IIS 6 Metabase Compatibility" role service and run the command again.	Not Supported. The virtual directory cannot be created because the "IIS 6 Metabase Compatibility" role service is not installed. Install the "IIS 6 Metabase Compatibility" role service and run the command again.
691	[%1]	[%1]
692	Backing up Database files	Backing up Database files
693	Backing up Log files	Backing up Log files
694	Truncating Logs	Truncating Logs
695	Restoring Database files	Restoring Database files
696	Restoring Log files	Restoring Log files
697	Maximum Row Index	Maximum Row Index
698	CA Cert	CA Cert
699	CA Cert Chain	CA Cert Chain
700	Characters	Characters
701	OVERFLOW:	OVERFLOW:
702	Repeated "-%ws" option	Repeated "-%ws" option
703	Config string must include Authority name	Config string must include Authority name
704	CertFile -- certificate file to publish %1 -- Publish cert to DS Enterprise store %2 -- Publish cert to DS Trusted Root store %3 -- Publish CA cert to DS CA object %4 -- Publish cross cert to DS CA object %5 -- Publish cert to DS Key Recovery Agent object %6 -- Publish cert to User DS object %7 -- Publish cert to Machine DS object CRLFile -- CRL file to publish DSCDPContainer -- DS CDP container CN, usually the CA machine name DSCDPCN -- DS CDP object CN, usually based on the sanitized CA short name and key index Use %8 to create DS object.	CertFile -- certificate file to publish %1 -- Publish cert to DS Enterprise store %2 -- Publish cert to DS Trusted Root store %3 -- Publish CA cert to DS CA object %4 -- Publish cross cert to DS CA object %5 -- Publish cert to DS Key Recovery Agent object %6 -- Publish cert to User DS object %7 -- Publish cert to Machine DS object CRLFile -- CRL file to publish DSCDPContainer -- DS CDP container CN, usually the CA machine name DSCDPCN -- DS CDP object CN, usually based on the sanitized CA short name and key index Use %8 to create DS object.
705	Ensure the server is correctly installed and retry.	Ensure the server is correctly installed and retry.
706	Connecting to data source %hs as user %hs	Connecting to data source %hs as user %hs
707	Failed to connect to data source 0x%08x (%d)	Failed to connect to data source 0x%08x (%d)
708	Converted %u rows	Converted %u rows
709	Skipped %u rows that already exist in new Database	Skipped %u rows that already exist in new Database
710	Skipped %u rows not issued by this Certification Authority	Skipped %u rows not issued by this Certification Authority
711	Converting Row %u	Converting Row %u
712	Row %u -- Skipping duplicate Serial Number: %ws	Row %u -- Skipping duplicate Serial Number: %ws
713	Row %u -- Skipping entry not issued by this Certification Authority: %ws	Row %u -- Skipping entry not issued by this Certification Authority: %ws
714	Converting source row %u to target row %u	Converting source row %u to target row %u
715	Begin names table entries for %u.%u	Begin names table entries for %u.%u
716	End names table entries for %u.%u	End names table entries for %u.%u
717	Get SMTP info	Get SMTP info
718	LogonName	LogonName
719	Set SMTP info	Set SMTP info
720	%u Rows	%u Rows
721	Row Properties	Row Properties
722	Request Attributes	Request Attributes
723	Certificate Extensions	Certificate Extensions
724	Total Fields	Total Fields
725	%4u %ws, Total Size = %u, Max Size = %u, Ave Size = %u	%4u %ws, Total Size = %u, Max Size = %u, Ave Size = %u
726	Private key is NOT exportable	Private key is NOT exportable
727	Enterprise Root CA	Enterprise Root CA
728	Enterprise Subordinate CA	Enterprise Subordinate CA
729	Stand-alone Root CA	Stand-alone Root CA
730	Stand-alone Subordinate CA	Stand-alone Subordinate CA
731	Unknown CA Type: %u	Unknown CA Type: %u
732	[%1] [Machine\ParentCAName]	[%1] [Machine\ParentCAName]
733	Renew Certification Authority certificate	Renew Certification Authority certificate
734	Cert Hash(%ws):	Cert Hash(%ws):
735	Error message text: %ws	Error message text: %ws
736	================ CRL %d ================	================ CRL %d ================
737	Deleting CRL %d: %ws	Deleting CRL %d: %ws
738	CA Certs: %u	CA Certs: %u
739	Keys:	Keys:
740	Values:	Values:
741	Load(CRL) returned %ws	Load(CRL) returned %ws
742	CRL	CRL
743	ERROR: CRL is not yet valid	ERROR: CRL is not yet valid
744	ERROR: CRL has expired	ERROR: CRL has expired
745	ERROR: CRL Valid before issuing CA Cert Valid	ERROR: CRL Valid before issuing CA Cert Valid
746	ERROR: CRL Expires after issuing CA Cert Expires	ERROR: CRL Expires after issuing CA Cert Expires
747	ERROR: Issuing CA Subject name does not match CRL Issuer	ERROR: Issuing CA Subject name does not match CRL Issuer
748	Issuing CA Subject name matches CRL Issuer	Issuing CA Subject name matches CRL Issuer
749	ERROR: CA did not issue CRL: Signature check failed	ERROR: CA did not issue CRL: Signature check failed
750	CRL signature is valid	CRL signature is valid
751	CA Key Id matches Key Id	CA Key Id matches Key Id
752	ERROR: CA Key Id does not match Key Id	ERROR: CA Key Id does not match Key Id
753	No Key Id	No Key Id
755	Unavailable	Unavailable
756	Error: No CRL for this Cert	Error: No CRL for this Cert
758	Valid	Valid
759	Expired	Expired
760	Under Submission	Under Submission
762	[KeyContainerName \| -]	[KeyContainerName \| -]
763	List key containers	List key containers
764	KeyContainerName	KeyContainerName
765	Delete named key container	Delete named key container
766	Certificate is REVOKED	Certificate is REVOKED
767	CA cert verify status	CA cert verify status
768	Flags:	Flags:
769	ERROR: Certificate public key does NOT match private key	ERROR: Certificate public key does NOT match private key
770	Signature test passed	Signature test passed
771	Signature test FAILED	Signature test FAILED
772	Display DS Certificates	Display DS Certificates
773	[FullDSDN] \| [CertId [OutFile]]	[FullDSDN] \| [CertId [OutFile]]
774	Display DS CRLs	Display DS CRLs
775	[FullDSDN] \| [CRLIndex [OutFile]]	[FullDSDN] \| [CRLIndex [OutFile]]
776	[CN]	[CN]
777	Display DS DNs	Display DS DNs
778	CN	CN
779	Delete DS DNs	Delete DS DNs
780	Deleting	Deleting
781	[InfoName [Index \| ErrorCode]]	[InfoName [Index \| ErrorCode]]
782	Display CA Information	Display CA Information
783	InfoName argument syntax:	InfoName argument syntax:
785	[Index]	[Index]
786	Force UTF-8	Force UTF-8
787	Signature: UnusedBits=%u	Signature: UnusedBits=%u
788	Short Name:	Short Name:
789	Sanitized Short Name:	Sanitized Short Name:
790	SMIME Capabilities:	SMIME Capabilities:
791	Request File:	Request File:
792	PKCS7 Attribute	PKCS7 Attribute
793	No Signature	No Signature
794	Certificate Sequence:	Certificate Sequence:
795	Cannot find certificate:	Cannot find certificate:
796	Valid Encrypted Key Hash	Valid Encrypted Key Hash
797	[%1 \| %2 \| %3]	[%1 \| %2 \| %3]
798	[%1 \| %2 \| %3 \| %4 \| %5 \| %6 \| %7] [%8]	[%1 \| %2 \| %3 \| %4 \| %5 \| %6 \| %7] [%8]
800	Display DS Delta CRLs	Display DS Delta CRLs
801	Display times with seconds and milliseconds	Display times with seconds and milliseconds
802	ERROR: CA Cert has no Basic Constraints2 Extension	ERROR: CA Cert has no Basic Constraints2 Extension
803	ERROR: Cannot decode CA Cert Basic Constraints2 Extension	ERROR: Cannot decode CA Cert Basic Constraints2 Extension
804	ERROR: CA Cert is an End Entity certificate	ERROR: CA Cert is an End Entity certificate
805	Cert is a CA certificate	Cert is a CA certificate
806	Cert is an End Entity certificate	Cert is an End Entity certificate
807	Element %u:	Element %u:
808	CMC	CMC
809	Certificate is NOT valid: %ws	Certificate is NOT valid: %ws
810	Encryption test passed	Encryption test passed
811	Encryption test FAILED	Encryption test FAILED
812	Use V1 interfaces	Use V1 interfaces
813	File version	File version
814	Product version	Product version
815	Exit module count	Exit module count
816	Exit module description	Exit module description
817	Policy module description	Policy module description
818	CA name	CA name
819	Sanitized CA name	Sanitized CA name
820	Shared folder	Shared folder
821	CA type	CA type
822	Parent CA	Parent CA
823	CA cert count	CA cert count
824	CA cert	CA cert
825	CA cert chain	CA cert chain
826	CA exchange cert count	CA exchange cert count
827	CA exchange cert	CA exchange cert
828	CA exchange cert chain	CA exchange cert chain
829	Base CRL	Base CRL
830	Delta CRL	Delta CRL
833	CA info	CA info
834	Display CA Property Type Information	Display CA Property Type Information
835	Use ICertAdmin2 for CA Properties	Use ICertAdmin2 for CA Properties
836	Maximum CA PropId	Maximum CA PropId
837	Select a certificate from a selection UI	Select a certificate from a selection UI
838	Certificate List	Certificate List
839	List certificates	List certificates
840	List certificates for ObjectId	List certificates for ObjectId
841	List Enrollment Registration Authority certificates	List Enrollment Registration Authority certificates
842	List Key Recovery Agent certificates	List Key Recovery Agent certificates
843	Key Id Hash(%ws):	Key Id Hash(%ws):
844	CMS Certificate Request:	CMS Certificate Request:
845	CMS Response:	CMS Response:
846	Tagged Attributes:	Tagged Attributes:
847	Tagged Content Info:	Tagged Content Info:
848	Tagged Requests:	Tagged Requests:
849	Tagged Other Messages:	Tagged Other Messages:
850	UNKNOWN Request Choice	UNKNOWN Request Choice
851	Body Part Id:	Body Part Id:
852	Cannot load key: %ws	Cannot load key: %ws
853	Expired certificate	Expired certificate
854	Unauthenticated Attributes	Unauthenticated Attributes
855	Content Type	Content Type
856	Data Reference	Data Reference
857	Cert Reference	Cert Reference
858	Value	Value
859	UNKNOWN Tagged Attribute	UNKNOWN Tagged Attribute
860	Signer Count	Signer Count
861	Signer Info	Signer Info
862	Hash Algorithm:	Hash Algorithm:
863	Encrypted Hash Algorithm:	Encrypted Hash Algorithm:
864	Stored Hash%ws:	Stored Hash%ws:
865	Computed Hash%ws:	Computed Hash%ws:
866	CMC Attribute	CMC Attribute
867	Exchange Authority Information Access	Exchange Authority Information Access
868	Exchange Version	Exchange Version
869	InFile [HashAlgorithm]	InFile [HashAlgorithm]
870	Generate and display cryptographic hash over a file	Generate and display cryptographic hash over a file
871	%ws hash of file %ws:	%ws hash of file %ws:
872	CA Key Exchange Certificate	CA Key Exchange Certificate
873	Pass	Pass
874	No Recipient	No Recipient
875	Recipient Count	Recipient Count
876	Recipient Info	Recipient Info
877	DNS Name	DNS Name
878	SearchToken [RecoveryBlobOutFile] SearchToken %1 OutputScriptFile SearchToken %2 \| %3 OutputFileBaseName	SearchToken [RecoveryBlobOutFile] SearchToken %1 OutputScriptFile SearchToken %2 \| %3 OutputFileBaseName
879	Retrieve archived private key recovery blob, generate a recovery script, or recover archived keys	Retrieve archived private key recovery blob, generate a recovery script, or recover archived keys
880	RecoveryBlobInFile [PFXOutFile [RecipientIndex]]	RecoveryBlobInFile [PFXOutFile [RecipientIndex]]
881	Recover archived private key	Recover archived private key
882	[File]	[File]
883	Decrypted PKCS7 Message Content	Decrypted PKCS7 Message Content
884	Cannot decrypt message content.	Cannot decrypt message content.
885	Key recovery requires one of the following certificates and its private key:	Key recovery requires one of the following certificates and its private key:
886	User Certificate:	User Certificate:
887	Algorithm Class	Algorithm Class
888	Algorithm Type	Algorithm Type
889	Algorithm Sub-id	Algorithm Sub-id
890	CMC Status Info	CMC Status Info
891	Body Part Id Reference	Body Part Id Reference
892	Status String	Status String
893	Other Info Choice	Other Info Choice
894	Fail Info	Fail Info
895	Pend Token:	Pend Token:
896	Pend Time	Pend Time
897	CertFile [%1 \| %2 \| %3 \| %4 \| %5 \| %6 \| %7] CRLFile [DSCDPContainer [DSCDPCN]]	CertFile [%1 \| %2 \| %3 \| %4 \| %5 \| %6 \| %7] CRLFile [DSCDPContainer [DSCDPCN]]
898	Publish certificate or CRL to Active Directory	Publish certificate or CRL to Active Directory
899	Could not load Certificate or CRL from file (%ws)	Could not load Certificate or CRL from file (%ws)
900	User	User
901	Authenticated Session	Authenticated Session
902	Smartcard Logon	Smartcard Logon
903	Basic EFS	Basic EFS
904	Administrator	Administrator
905	EFS Recovery Agent	EFS Recovery Agent
906	Code Signing	Code Signing
907	Trust List Signing	Trust List Signing
908	Computer	Computer
909	Domain Controller	Domain Controller
910	Web Server	Web Server
911	KDC	KDC
912	Root Certification Authority	Root Certification Authority
913	Subordinate Certification Authority	Subordinate Certification Authority
914	Enrollment Agent	Enrollment Agent
915	Smartcard User	Smartcard User
917	User Signature Only	User Signature Only
919	The value for the following key is incorrect in the INF file. It should be a non-zero numeric value.	The value for the following key is incorrect in the INF file. It should be a non-zero numeric value.
923	IPSec	IPSec
924	The value for RenewalValidityPeriodUnits is incorrect in CAPolicy.inf. It should be a non-zero numeric value.	The value for RenewalValidityPeriodUnits is incorrect in CAPolicy.inf. It should be a non-zero numeric value.
925	IPSec (Offline request)	IPSec (Offline request)
926	The value for RenewalValidityPeriod is incorrect in CAPolicy.inf. It should be one of the following: Years, Months, Weeks or Days (in English).	The value for RenewalValidityPeriod is incorrect in CAPolicy.inf. It should be one of the following: Years, Months, Weeks or Days (in English).
927	Router (Offline request)	Router (Offline request)
928	req	req
929	Open Request File	Open Request File
930	Request Files (.req; .txt; .cmc; .der)\|.req;.txt;.cmc;.der\|Certificate Files(.cer; .crt; .der)\|.cer;.crt;.der\|All Files (.)\|.\|\|	Request Files (.req; .txt; .cmc; .der)\|.req;.txt;.cmc;.der\|Certificate Files(.cer; .crt; .der)\|.cer;.crt;.der\|All Files (.)\|.\|\|
931	Please enter a computer name.	Please enter a computer name.
932	Please make sure there is a running CA on the computer.	Please make sure there is a running CA on the computer.
933	There is no matched CA on the computer. This might be caused by the computer being offline. Please contact the system administrator or select a different CA.	There is no matched CA on the computer. This might be caused by the computer being offline. Please contact the system administrator or select a different CA.
934	Cannot ping the selected CA. Please make sure the CA is running.	Cannot ping the selected CA. Please make sure the CA is running.
935	Exchange Enrollment Agent (Offline request)	Exchange Enrollment Agent (Offline request)
936	Exchange User	Exchange User
937	Exchange Signature Only	Exchange Signature Only
938	There are no published CAs available. Please contact the system administrator or select a CA by name.	There are no published CAs available. Please contact the system administrator or select a CA by name.
939	Enrollment Agent (Computer)	Enrollment Agent (Computer)
940	Save Request File	Save Request File
941	CEP Encryption	CEP Encryption
942	Built Policy	Built Policy
943	Policy Element	Policy Element
944	Policy Statement Extension	Policy Statement Extension
945	Policy inf missing section or key	Policy inf missing section or key
946	Opened Policy inf	Opened Policy inf
947	Cannot open Policy inf	Cannot open Policy inf
948	Begin	Begin
949	End	End
950	Manage CA	Manage CA
951	Issue and Manage Certificates	Issue and Manage Certificates
952	Manage Audit Logs	Manage Audit Logs
953	Backup and Restore	Backup and Restore
954	Read	Read
955	Request Certificates	Request Certificates
964	Closed Policy inf	Closed Policy inf
965	Message Box	Message Box
966	The value for RenewalValidityPeriod is incorrect in unattended answer file. It should be one of the following: Years, Months, Weeks or Days (in English).	The value for RenewalValidityPeriod is incorrect in unattended answer file. It should be one of the following: Years, Months, Weeks or Days (in English).
967	Key Recovery Agent	Key Recovery Agent
968	CA Exchange	CA Exchange
969	970 Cross Certification Authority	970 Cross Certification Authority
971	Domain Controller Authentication	Domain Controller Authentication
972	Directory Email Replication	Directory Email Replication
974	You have configured this Web client to forward requests to an enterprise CA. If the CA is using the enterprise default policy module, this computer must have delegation enabled and use Kerberos authentication. To enable delegation, see 'Allow computer accounts to be trusted for delegation' help topic.	You have configured this Web client to forward requests to an enterprise CA. If the CA is using the enterprise default policy module, this computer must have delegation enabled and use Kerberos authentication. To enable delegation, see 'Allow computer accounts to be trusted for delegation' help topic.
976	The Web client cannot be configured to forward requests to the selected CA.	The Web client cannot be configured to forward requests to the selected CA.
977	The value for the following key is incorrect in the INF file. It should be a boolean value (Yes/No/True/False/0/1).	The value for the following key is incorrect in the INF file. It should be a boolean value (Yes/No/True/False/0/1).
978	Workstation Authentication	Workstation Authentication
979	RAS and IAS Server	RAS and IAS Server
980	Low Assurance	Low Assurance
981	Medium Assurance	Medium Assurance
982	High Assurance	High Assurance
983	OCSP Response Signing	OCSP Response Signing
984	Kerberos Authentication	Kerberos Authentication
1000	Key recovery agent	Key recovery agent
1001	Directory e-mail replication	Directory e-mail replication
1002	Cross-certified certification authority	Cross-certified certification authority
1003	Certification authority (CA)	Certification authority (CA)
1007	Active Directory KRA	Active Directory KRA
1008	Active Directory AIA	Active Directory AIA
1009	Logged on user	Logged on user
1010	Local system	Local system
1011	username/password	username/password
1012	certificate	certificate
1013	windows integrated	windows integrated
1014	anonymous	anonymous
1015	unknown	unknown
1016	credential is private	credential is private
2000	Bytes	Bytes
2001	%ws already in DS store.	%ws already in DS store.
2002	Certificate	Certificate
2003	Subject Key Id (%ws):	Subject Key Id (%ws):
2004	precomputed	precomputed
2005	Cannot open Cert store.	Cannot open Cert store.
2006	Cannot open existing Cert store. Use %ws option to force Cert store creation.	Cannot open existing Cert store. Use %ws option to force Cert store creation.
2007	CertificateStoreName CertIdList [PropertyInfFile \| SDDLSecurityDescriptor]	CertificateStoreName CertIdList [PropertyInfFile \| SDDLSecurityDescriptor]
2008	Repair key association or update certificate properties or key security descriptor	Repair key association or update certificate properties or key security descriptor
2009	%d bit key	%d bit key
2010	Delete registry value	Delete registry value
2011	Cannot verify detached signature	Cannot verify detached signature
2012	[CertificateStoreName] CertId PFXFile [Modifiers]	[CertificateStoreName] CertId PFXFile [Modifiers]
2013	Export certificate and private key	Export certificate and private key
2014	[CertificateStoreName] PFXFile [Modifiers]	[CertificateStoreName] PFXFile [Modifiers]
2015	Import certificate and private key	Import certificate and private key
2016	[Template]	[Template]
2017	Display DS Template Attributes	Display DS Template Attributes
2018	TemplateInfFile	TemplateInfFile
2019	Add DS Templates	Add DS Templates
2020	Created DS Template	Created DS Template
2021	Updated DS Template	Updated DS Template
2022	%ws: -%ws command completed successfully.	%ws: -%ws command completed successfully.
2023	The %ws service may need to be restarted for changes to take effect.	The %ws service may need to be restarted for changes to take effect.
2025	Display Enrollment Policy templates	Display Enrollment Policy templates
2026	Template	Template
2027	Display CAs for template	Display CAs for template
2029	Display templates for CA	Display templates for CA
2030	Display user templates	Display user templates
2031	Display machine templates	Display machine templates
2032	Template Extensions:	Template Extensions:
2033	Enter new password for output file %ws:	Enter new password for output file %ws:
2034	Enter password for %ws:	Enter password for %ws:
2035	Encode text without CR characters	Encode text without CR characters
2036	InFile OutFile [type]	InFile OutFile [type]
2037	Encode file in hexadecimal	Encode file in hexadecimal
2038	Embedded ASN.1 Element:	Embedded ASN.1 Element:
2039	Split embedded ASN.1 elements, and save to files	Split embedded ASN.1 elements, and save to files
2040	Use local machine Enterprise registry certificate store	Use local machine Enterprise registry certificate store
2041	No root certificates found.	No root certificates found.
2042	Invalidity Date	Invalidity Date
2043	Querying %ws	Querying %ws
2044	Role Separation	Role Separation
2045	Verified Issuance Policies	Verified Issuance Policies
2046	Verified Application Policies	Verified Application Policies
2047	[URL \| %1 \| %2 [%3]]	[URL \| %1 \| %2 [%3]]
2048	Display or delete URL cache entries	Display or delete URL cache entries
2049	KRA cert count	KRA cert count
2050	KRA cert used count	KRA cert used count
2051	KRA cert	KRA cert
2052	Invalid ObjectId or Algorithm	Invalid ObjectId or Algorithm
2053	PKCS7/CMS Message:	PKCS7/CMS Message:
2054	No display names	No display names
2055	Type mismatch	Type mismatch
2056	Localized name	Localized name
2057	CSP Provider Info	CSP Provider Info
2058	InFileList\|SerialNumber\|%1 OutFileList [StartDate[+\|-%9]+\|-%9] [+SerialNumberList \| -SerialNumberList \| -ObjectIdList \| @ExtensionFile] InFileList\|SerialNumber\|%1 OutFileList [#HashAlgorithm] [+%6 \| -%6] InFileList OutFileList [%10] [%11hex data]	InFileList\|SerialNumber\|%1 OutFileList [StartDate[+\|-%9]+\|-%9] [+SerialNumberList \| -SerialNumberList \| -ObjectIdList \| @ExtensionFile] InFileList\|SerialNumber\|%1 OutFileList [#HashAlgorithm] [+%6 \| -%6] InFileList OutFileList [%10] [%11hex data]
2059	Re-sign CRL or certificate	Re-sign CRL or certificate
2060	Signing certificate Subject	Signing certificate Subject
2061	RowId \| Date [%1 \| %2 \| %3 \| %4 \| %5]	RowId \| Date [%1 \| %2 \| %3 \| %4 \| %5]
2062	Delete server database row	Delete server database row
2063	Rows deleted: %u	Rows deleted: %u
2064	One of the following tables must be specified when deleting rows older than %ws:	One of the following tables must be specified when deleting rows older than %ws:
2065	The date specified is in the future: %ws	The date specified is in the future: %ws
2066	CRL Hash(%ws):	CRL Hash(%ws):
2067	Include CRLs	Include CRLs
2068	Full Response	Full Response
2069	CA cert chain with CRLs	CA cert chain with CRLs
2070	CA exchange cert chain with CRLs	CA exchange cert chain with CRLs
2071	Pulse autoenrollment event or NGC task	Pulse autoenrollment event or NGC task
2072	DomainName\MachineName$	DomainName\MachineName$
2073	Display Active Directory machine object information	Display Active Directory machine object information
2074	Machine object missing %ws attribute.	Machine object missing %ws attribute.
2075	Group Memberships:	Group Memberships:
2076	[Domain] [%1 \| %2 \| %3]	[Domain] [%1 \| %2 \| %3]
2077	Display domain controller information	Display domain controller information
2078	Enterprise Root store: %ws	Enterprise Root store: %ws
2079	KDC certificates: %ws	KDC certificates: %ws
2080	DC UNAVAILABLE: %ws	DC UNAVAILABLE: %ws
2081	*** Testing DC[%u]: %ws	*** Testing DC[%u]: %ws
2082	** Enterprise Root Certificates for DC %ws	** Enterprise Root Certificates for DC %ws
2083	** KDC Certificates for DC %ws	** KDC Certificates for DC %ws
2084	Unknown Property	Unknown Property
2086	Public Key Length: %u bits	Public Key Length: %u bits
2087	Advanced Server	Advanced Server
2088	CRL Publish Status	CRL Publish Status
2089	Delta CRL Publish Status	Delta CRL Publish Status
2090	Templates	Templates
2091	Parameter = %x	Parameter = %x
2092	Parameter Flags = %x	Parameter Flags = %x
2093	Archived!	Archived!
2095	Display enterprise information	Display enterprise information
2096	Display CA information	Display CA information
2097	DSS Key Length: %u bits	DSS Key Length: %u bits
2098	================ CTL %d ================	================ CTL %d ================
2099	Client Id:	Client Id:
2100	User:	User:
2101	Machine:	Machine:
2102	Certificate Trust List:	Certificate Trust List:
2103	List Identifier:	List Identifier:
2104	Sequence Number:	Sequence Number:
2105	Subject Algorithm:	Subject Algorithm:
2106	CTL Entries:	CTL Entries:
2107	Usage Entries:	Usage Entries:
2108	Subject Identifier%ws:	Subject Identifier%ws:
2109	View Certificate Store	View Certificate Store
2110	Select Certificate	Select Certificate
2111	Select Certificate to Delete	Select Certificate to Delete
2112	Saved certificate %ws	Saved certificate %ws
2113	Deleted certificate %ws	Deleted certificate %ws
2114	Enroll-on-Behalf-of	Enroll-on-Behalf-of
2115	[ReaderName [%1]]	[ReaderName [%1]]
2116	Display smart card information	Display smart card information
2117	Service is paused.	Service is paused.
2118	Service is stopped.	Service is stopped.
2119	Service is in an unknown state.	Service is in an unknown state.
2120	The Microsoft Smart Card Resource Manager is running.	The Microsoft Smart Card Resource Manager is running.
2121	The Microsoft Smart Card Resource Manager is not running.	The Microsoft Smart Card Resource Manager is not running.
2122	Found AT_SIGNATURE key but no AT_KEYEXCHANGE key	Found AT_SIGNATURE key but no AT_KEYEXCHANGE key
2123	Server could not be reached: %ws	Server could not be reached: %ws
2124	Select Decryption Certificate	Select Decryption Certificate
2125	Foreign Cert	Foreign Cert
2126	KRA Cert	KRA Cert
2127	UPN:	UPN:
2128	Subject Unmodified	Subject Unmodified
2129	Publish Error	Publish Error
2130	NULL signature verifies	NULL signature verifies
2131	Source Url Name:	Source Url Name:
2132	Local File Name:	Local File Name:
2133	Use Count: %d	Use Count: %d
2134	Hit Rate: %d	Hit Rate: %d
2135	File Size: %d	File Size: %d
2136	Last Modified Time:	Last Modified Time:
2137	Expire Time:	Expire Time:
2138	Last Access Time:	Last Access Time:
2139	Last Sync Time:	Last Sync Time:
2140	Error: Check machine name. Should be domain\computer$	Error: Check machine name. Should be domain\computer$
2141	%ws is missing trailing $, correct?	%ws is missing trailing $, correct?
2142	Issuer Domain Policy =	Issuer Domain Policy =
2143	Subject Domain Policy =	Subject Domain Policy =
2144	Map[%u]:	Map[%u]:
2145	Cert Type not DC: %ws	Cert Type not DC: %ws
2146	Cert Usage missing %ws	Cert Usage missing %ws
2147	Deleted KDC certificate!	Deleted KDC certificate!
2148	CertDeleteCertificateFromStore failed! - %x	CertDeleteCertificateFromStore failed! - %x
2149	%u KDC certificates for %ws	%u KDC certificates for %ws
2150	No KDC Certificate in MY store	No KDC Certificate in MY store
2151	No certificates in Enterprise Root store!	No certificates in Enterprise Root store!
2152	CertOpenStore on remote My store failed! - %x	CertOpenStore on remote My store failed! - %x
2153	Error Getting Archived Prop bit! - %x	Error Getting Archived Prop bit! - %x
2154	++ Archived Certificate ++	++ Archived Certificate ++
2155	No Autoenrolled Certificates in MY store!!!	No Autoenrolled Certificates in MY store!!!
2156	CertOpenStore on remote ent store failed! %x	CertOpenStore on remote ent store failed! %x
2157	No Autoenrollment Objects!!!	No Autoenrollment Objects!!!
2158	No Access!	No Access!
2159	Retrieve and verify AIA Certs and CDP CRLs	Retrieve and verify AIA Certs and CDP CRLs
2160	Defaults to Request and Certificate table %1 -- Extension table %2 -- Attribute table %3 -- CRL table	Defaults to Request and Certificate table %1 -- Extension table %2 -- Attribute table %3 -- CRL table
2161	CA Registry Validity Period: %ws %ws	CA Registry Validity Period: %ws %ws
2162	Supported Certificate Templates:	Supported Certificate Templates:
2163	No supported Certificate Templates::	No supported Certificate Templates::
2164	CA Name property fetching failed! %x	CA Name property fetching failed! %x
2165	CA Name: %ws	CA Name: %ws
2166	DNS Name property fetching failed! %x	DNS Name property fetching failed! %x
2167	Machine Name: %ws	Machine Name: %ws
2168	DS Location: %ws	DS Location: %ws
2169	Cert DN property fetching failed! %x	Cert DN property fetching failed! %x
2170	Cert DN: %ws	Cert DN: %ws
2171	Sig Alg property fetching failed! %x	Sig Alg property fetching failed! %x
2172	Supported signature algs: %ws	Supported signature algs: %ws
2173	No signature algs on DS!	No signature algs on DS!
2174	No Certificate types for this CA	No Certificate types for this CA
2175	No certificate type returned, although one exists!	No certificate type returned, although one exists!
2176	No CA's listed in the domain. The configuration might be stored in the root domain. Use the -dc option to target your root domain controller for the information.	No CA's listed in the domain. The configuration might be stored in the root domain. Use the -dc option to target your root domain controller for the information.
2177	Cannot access DFS share	Cannot access DFS share
2178	DFS Data is accessible	DFS Data is accessible
2179	No entries found in Ping Search!	No entries found in Ping Search!
2180	No DSPath for Policy [non-fatal]	No DSPath for Policy [non-fatal]
2181	RegQueryValue (DSPATH) failed! %x	RegQueryValue (DSPATH) failed! %x
2182	No FileSysPath for Policy [non-fatal]	No FileSysPath for Policy [non-fatal]
2183	Done.	Done.
2184	ldap search (%ws) found 0 items!	ldap search (%ws) found 0 items!
2185	=========== Root Certs in policy =================	=========== Root Certs in policy =================
2186	Certificate %u:	Certificate %u:
2187	No Root Certificates in Policy on this machine	No Root Certificates in Policy on this machine
2188	Check event log for UserEnv errors!	Check event log for UserEnv errors!
2189	==== Policies Processed for MACHINE ===	==== Policies Processed for MACHINE ===
2190	==== Policies Processed for USER ===	==== Policies Processed for USER ===
2191	Possibly No Policies applied. See Event Log for Userenv errors!	Possibly No Policies applied. See Event Log for Userenv errors!
2192	Target a specific Domain Controller	Target a specific Domain Controller
2193	DCName	DCName
2194	Display Name:	Display Name:
2195	Computer Name: %ws	Computer Name: %ws
2196	User Name: %ws	User Name: %ws
2197	bad option	bad option
2198	++++++++ MACHINE: %ws ++++++++	++++++++ MACHINE: %ws ++++++++
2199	### Key:	### Key:
2200	GPO Name: %ws	GPO Name: %ws
2201	Signature matches request Public Key	Signature matches request Public Key
2202	ColumnList	ColumnList
2203	Comma separated Column List	Comma separated Column List
2204	RestrictionList	RestrictionList
2205	Comma separated Restriction List	Comma separated Restriction List
2206	Machine\CAName	Machine\CAName
2207	CA and Machine name string	CA and Machine name string
2208	Display a verb list (command list)	Display a verb list (command list)
2209	Display help text for the "%ws" verb	Display help text for the "%ws" verb
2210	Display all help text for all verbs	Display all help text for all verbs
2211	Imported foreign certificate	Imported foreign certificate
2212	Imported certificate	Imported certificate
2213	Certificate already imported	Certificate already imported
2214	Archived key updated	Archived key updated
2215	Archived key	Archived key
2216	Key already archived	Key already archived
2217	Ignored signing certificate	Ignored signing certificate
2218	Users	Users
2219	Ignored signature certificates	Ignored signature certificates
2220	Certificates with keys	Certificates with keys
2221	Foreign certificates imported	Foreign certificates imported
2222	Certificates already imported	Certificates already imported
2223	Certificates imported	Certificates imported
2224	Certificates not imported	Certificates not imported
2225	Keys	Keys
2226	Keys already archived	Keys already archived
2227	Keys updated	Keys updated
2228	Keys archived	Keys archived
2229	Keys not archived	Keys not archived
2230	Merge PFX files	Merge PFX files
2231	PFXInFileList PFXOutFile [Modifiers]	PFXInFileList PFXOutFile [Modifiers]
2232	Online	Online
2233	OFFLINE	OFFLINE
2234	Previous CA Cert Hash	Previous CA Cert Hash
2235	Message Digest	Message Digest
2236	Archived Key Cert Hash	Archived Key Cert Hash
2237	Issued Cert Hash	Issued Cert Hash
2238	Encrypted Key Hash	Encrypted Key Hash
2239	CRL Number	CRL Number
2240	Minimum Base CRL Number	Minimum Base CRL Number
2241	Virtual Base CRL Number	Virtual Base CRL Number
2242	CRL Next Publish	CRL Next Publish
2243	Signing Time	Signing Time
2244	Delta CRL CDP	Delta CRL CDP
2245	CRL Self CDP	CRL Self CDP
2246	Application Policies	Application Policies
2247	Application Policy Mappings	Application Policy Mappings
2248	Application Policy Constraints	Application Policy Constraints
2249	Policy Mappings	Policy Mappings
2250	Policy Constraints	Policy Constraints
2251	Counter Signature	Counter Signature
2252	%u Machine certificates (%u archived)	%u Machine certificates (%u archived)
2253	for %ws	for %ws
2254	V1 Autoenrollment Objects:	V1 Autoenrollment Objects:
2255	Skipping CSP at index %u	Skipping CSP at index %u
2256	Provider Name:	Provider Name:
2257	Provider Type:	Provider Type:
2258	Private key verifies	Private key verifies
2259	Processing KMS exports from:	Processing KMS exports from:
2261	Encrypted key:	Encrypted key:
2262	Decrypted key:	Decrypted key:
2263	Failed to import symmetric key	Failed to import symmetric key
2264	Lock box opened, symmetric key successfully decrypted	Lock box opened, symmetric key successfully decrypted
2265	Moved AT_SIGNATURE key to AT_KEYEXCHANGE	Moved AT_SIGNATURE key to AT_KEYEXCHANGE
2266	Validated Cert Types	Validated Cert Types
2267	Cert Type	Cert Type
2268	==== %u CAs on %ws Domain ====	==== %u CAs on %ws Domain ====
2269	CACountCAs inconsistent with CAEnumNextCA	CACountCAs inconsistent with CAEnumNextCA
2270	Cached LDAP DC	Cached LDAP DC
2271	Current reader/card status:	Current reader/card status:
2272	SCardEstablishContext failed for user scope.	SCardEstablishContext failed for user scope.
2273	A list of smart card readers cannot be determined.	A list of smart card readers cannot be determined.
2274	SCardListReaders failed for SCARD_ALL_READERS	SCardListReaders failed for SCARD_ALL_READERS
2275	No smart card readers are currently available.	No smart card readers are currently available.
2276	A list of smart card readers could not be determined.	A list of smart card readers could not be determined.
2277	Readers:	Readers:
2278	--- Reader:	--- Reader:
2279	--- Status:	--- Status:
2280	No card.	No card.
2281	The card is unrecognized or not responding.	The card is unrecognized or not responding.
2282	Card is in use exclusively by another process.	Card is in use exclusively by another process.
2283	The card is being shared by a process.	The card is being shared by a process.
2284	The card is available for use.	The card is available for use.
2285	Card/Reader not responding.	Card/Reader not responding.
2286	--- Card:	--- Card:
2287	Unknown Card.	Unknown Card.
2288	Performing %ws public key matching test...	Performing %ws public key matching test...
2289	%ws succeeded but returned zero size	%ws succeeded but returned zero size
2290	Public key from KeyProvInfo container:	Public key from KeyProvInfo container:
2291	Public key from Cert:	Public key from Cert:
2292	Public key matching test succeeded	Public key matching test succeeded
2293	Chain on smart card is invalid	Chain on smart card is invalid
2294	Chain validates	Chain validates
2295	No %ws key for reader:	No %ws key for reader:
2296	Cannot open the %ws key for reader:	Cannot open the %ws key for reader:
2297	No %ws cert retrieved for reader:	No %ws cert retrieved for reader:
2298	Performing cert chain verification...	Performing cert chain verification...
2299	Displayed %ws cert for reader:	Displayed %ws cert for reader:
2300	Analyzing card in reader:	Analyzing card in reader:
2301	Cannot retrieve Provider Name for %ws	Cannot retrieve Provider Name for %ws
2302	%1 -- Failed and pending requests (submission date) %2 -- Expired and revoked certificates (expiration date) %3 -- Extension table %4 -- Attribute table %5 -- CRL table (expiration date) To delete failed and pending requests submitted by January 22, 2001: 1/22/2001 %1 To delete all certificates that expired by January 22, 2001: 1/22/2001 %2 To delete the certificate row, attributes and extensions for RequestId 37: 37 To delete CRLs that expired by January 22, 2001: 1/22/2001 %5	%1 -- Failed and pending requests (submission date) %2 -- Expired and revoked certificates (expiration date) %3 -- Extension table %4 -- Attribute table %5 -- CRL table (expiration date) To delete failed and pending requests submitted by January 22, 2001: 1/22/2001 %1 To delete all certificates that expired by January 22, 2001: 1/22/2001 %2 To delete the certificate row, attributes and extensions for RequestId 37: 37 To delete CRLs that expired by January 22, 2001: 1/22/2001 %5
2303	All	All
2305	Select Certificate or CRL	Select Certificate or CRL
2306	Certificate Files\|.cer;.crt\|CRL Files\|*.crl\|\|	Certificate Files\|.cer;.crt\|CRL Files\|*.crl\|\|
2307	cer	cer
2308	Convert PFX files to EPF file	Convert PFX files to EPF file
2309	PFXInFileList EPFOutFile [%1 \| %2] [V3CACertId][,Salt]	PFXInFileList EPFOutFile [%1 \| %2] [V3CACertId][,Salt]
2310	ERROR: Could not find a matching user or computer in Active Directory.	ERROR: Could not find a matching user or computer in Active Directory.
2311	KMS CA Certificate List	KMS CA Certificate List
2312	Select KMS CA certificate	Select KMS CA certificate
2313	RequestId -- numeric Request Id of a pending request ExtensionName -- ObjectId string of the extension Flags -- 0 is recommended. 1 makes the extension critical, 2 disables it, 3 does both. If the last parameter is numeric, it is taken as a Long. If it can be parsed as a date, it is taken as a Date. If it starts with '@', the rest of the token is the filename containing binary data or an ascii-text hex dump. Anything else is taken as a String.	RequestId -- numeric Request Id of a pending request ExtensionName -- ObjectId string of the extension Flags -- 0 is recommended. 1 makes the extension critical, 2 disables it, 3 does both. If the last parameter is numeric, it is taken as a Long. If it can be parsed as a date, it is taken as a Date. If it starts with '@', the rest of the token is the filename containing binary data or an ascii-text hex dump. Anything else is taken as a String.
2314	InFileList -- comma separated list of Certificate or CRL files to modify and re-sign SerialNumber -- Serial number of certificate to create Validity period and other options must not be present %1 -- Create an empty CRL Validity period and other options must not be present OutFileList -- comma separated list of modified Certificate or CRL output files. The number of files must match InFileList. StartDate[+\|-%9]+\|-%9 -- new validity period: optional date plus optional days and hours start date offset and optional days and hours validity period If multiple fields are used, use a (+) or (-) separator Use "%7[+%9]" to start at the current time Use "%7-%9+%9" to start at a fixed offset from the current time and a fixed validity period Use "%8" to have no expiration date (for CRLs only) SerialNumberList -- comma separated serial number list to add or remove ObjectIdList -- comma separated extension ObjectId list to remove @ExtensionFile -- INF file containing extensions to update or remove: %2 %3 Remove CRL Distribution Points extension %4 Update Key Usage extension %5 HashAlgorithm -- Name of the hash algorithm preceded by a # sign %6 -- alternate Signature algorithm specifier A minus sign causes serial numbers and extensions to be removed. A plus sign causes serial numbers to be added to a CRL. When removing items from a CRL, the list may contain both serial numbers and ObjectIds. A minus sign before %6 causes the legacy signature format to be used. A plus sign before %6 causes the alternature signature format to be used. If %6 is not specifed then the signature format in the certificate or CRL is used.	InFileList -- comma separated list of Certificate or CRL files to modify and re-sign SerialNumber -- Serial number of certificate to create Validity period and other options must not be present %1 -- Create an empty CRL Validity period and other options must not be present OutFileList -- comma separated list of modified Certificate or CRL output files. The number of files must match InFileList. StartDate[+\|-%9]+\|-%9 -- new validity period: optional date plus optional days and hours start date offset and optional days and hours validity period If multiple fields are used, use a (+) or (-) separator Use "%7[+%9]" to start at the current time Use "%7-%9+%9" to start at a fixed offset from the current time and a fixed validity period Use "%8" to have no expiration date (for CRLs only) SerialNumberList -- comma separated serial number list to add or remove ObjectIdList -- comma separated extension ObjectId list to remove @ExtensionFile -- INF file containing extensions to update or remove: %2 %3 Remove CRL Distribution Points extension %4 Update Key Usage extension %5 HashAlgorithm -- Name of the hash algorithm preceded by a # sign %6 -- alternate Signature algorithm specifier A minus sign causes serial numbers and extensions to be removed. A plus sign causes serial numbers to be added to a CRL. When removing items from a CRL, the list may contain both serial numbers and ObjectIds. A minus sign before %6 causes the legacy signature format to be used. A plus sign before %6 causes the alternature signature format to be used. If %6 is not specifed then the signature format in the certificate or CRL is used.
2315	InfoName -- indicates the CA property to display (see below) Use "*" for all properties Index -- optional zero-based property index ErrorCode -- numeric error code	InfoName -- indicates the CA property to display (see below) Use "*" for all properties Index -- optional zero-based property index ErrorCode -- numeric error code
2316	%1 -- Use CA's registry key %2 -- Use CA's restore registry key %3 -- Use policy module's registry key %4 -- Use first exit module's registry key %5 -- Use template registry key (use -user for user templates) %6 -- Use enrollment registry key (use -user for user context) %7 -- Use chain configuration registry key %8 -- Use Policy Servers registry key %9 -- Use policy or exit module's ProgId (registry subkey name) RegistryValueName -- registry value name (use "Name*" to prefix match) Value -- new numeric, string or date registry value or filename. If a numeric value starts with "+" or "-", the bits specified in the new value are set or cleared in the existing registry value. If a string value starts with "+" or "-", and the existing value is a REG_MULTI_SZ value, the string is added to or removed from the existing registry value. To force creation of a REG_MULTI_SZ value, add a " " to the end of the string value. If the value starts with "@", the rest of the value is the name of the file containing the hexadecimal text representation of a binary value. If it does not refer to a valid file, it is instead parsed as [Date][+\|-][%11] -- an optional date plus or minus optional days and hours. If both are specified, use a plus sign (+) or minus sign (-) separator. Use "%10+%11" for a date relative to the current time. Use "%13" as a suffix to create a REG_QWORD value. Use "%7\%12 @%10" to effectively flush cached CRLs.	%1 -- Use CA's registry key %2 -- Use CA's restore registry key %3 -- Use policy module's registry key %4 -- Use first exit module's registry key %5 -- Use template registry key (use -user for user templates) %6 -- Use enrollment registry key (use -user for user context) %7 -- Use chain configuration registry key %8 -- Use Policy Servers registry key %9 -- Use policy or exit module's ProgId (registry subkey name) RegistryValueName -- registry value name (use "Name*" to prefix match) Value -- new numeric, string or date registry value or filename. If a numeric value starts with "+" or "-", the bits specified in the new value are set or cleared in the existing registry value. If a string value starts with "+" or "-", and the existing value is a REG_MULTI_SZ value, the string is added to or removed from the existing registry value. To force creation of a REG_MULTI_SZ value, add a " " to the end of the string value. If the value starts with "@", the rest of the value is the name of the file containing the hexadecimal text representation of a binary value. If it does not refer to a valid file, it is instead parsed as [Date][+\|-][%11] -- an optional date plus or minus optional days and hours. If both are specified, use a plus sign (+) or minus sign (-) separator. Use "%10+%11" for a date relative to the current time. Use "%13" as a suffix to create a REG_QWORD value. Use "%7\%12 @%10" to effectively flush cached CRLs.
2317	%3 -- new CRL validity period in days and hours %1 -- republish most recent CRLs %2 -- delta CRLs only (default is base and delta CRLs)	%3 -- new CRL validity period in days and hours %1 -- republish most recent CRLs %2 -- delta CRLs only (default is base and delta CRLs)
2318	Index -- CRL index or key index (defaults to CRL for newest key) %1 -- delta CRL (default is base CRL)	Index -- CRL index or key index (defaults to CRL for newest key) %1 -- delta CRL (default is base CRL)
2319	CertFile -- Certificate to verify ApplicationPolicyList -- optional comma separated list of required Application Policy ObjectIds IssuancePolicyList -- optional comma separated list of required Issuance Policy ObjectIds CACertFile -- optional issuing CA certificate to verify against CrossedCACertFile -- optional certificate cross-certified by CertFile CRLFile -- CRL to verify IssuedCertFile -- optional issued certificate covered by CRLFile DeltaCRLFile -- optional delta CRL If ApplicationPolicyList is specified, chain building is restricted to chains valid for the specified Application Policies. If IssuancePolicyList is specified, chain building is restricted to chains valid for the specified Issuance Policies. If CACertFile is specified, fields in CACertFile are verified against CertFile or CRLFile. If CACertFile is not specified, CertFile is used to build and verify a full chain. If CACertFile and CrossedCACertFile are both specified, fields in CACertFile and CrossedCACertFile are verified against CertFile. If IssuedCertFile is specified, fields in IssuedCertFile are verified against CRLFile. If DeltaCRLFile is specified, fields in DeltaCRLFile are verified against CRLFile.	CertFile -- Certificate to verify ApplicationPolicyList -- optional comma separated list of required Application Policy ObjectIds IssuancePolicyList -- optional comma separated list of required Issuance Policy ObjectIds CACertFile -- optional issuing CA certificate to verify against CrossedCACertFile -- optional certificate cross-certified by CertFile CRLFile -- CRL to verify IssuedCertFile -- optional issued certificate covered by CRLFile DeltaCRLFile -- optional delta CRL If ApplicationPolicyList is specified, chain building is restricted to chains valid for the specified Application Policies. If IssuancePolicyList is specified, chain building is restricted to chains valid for the specified Issuance Policies. If CACertFile is specified, fields in CACertFile are verified against CertFile or CRLFile. If CACertFile is not specified, CertFile is used to build and verify a full chain. If CACertFile and CrossedCACertFile are both specified, fields in CACertFile and CrossedCACertFile are verified against CertFile. If IssuedCertFile is specified, fields in IssuedCertFile are verified against CRLFile. If DeltaCRLFile is specified, fields in DeltaCRLFile are verified against CRLFile.
2320	KeyContainerName -- key container name of the key to verify Defaults to machine keys. Use -user for user keys CACertFile -- signing or encryption certificate file If no arguments are specified, each signing CA cert is verified against its private key. This operation can only be performed against a local CA or local keys.	KeyContainerName -- key container name of the key to verify Defaults to machine keys. Use -user for user keys CACertFile -- signing or encryption certificate file If no arguments are specified, each signing CA cert is verified against its private key. This operation can only be performed against a local CA or local keys.
2321	CertificateStoreName -- Certificate store name. Examples: "%1", "%2" (default), "%3", "%10" (View Root Certificates) "%11" (Modify Root Certificates) "%12" (View CRLs) "%13" (Enterprise CA Certificates) %16 (AD machine object certificates) %5 %16 (AD user object certificates) CertId -- Certificate or CRL match token. This can be a serial number, an SHA-1 certificate, CRL, CTL or public key hash, a numeric cert index (0, 1, etc.), a numeric CRL index (.0, .1, etc.), a numeric CTL index (..0, ..1, etc.), a public key, signature or extension ObjectId, a certificate subject Common Name, an e-mail address, UPN or DNS name, a key container name or CSP name, a template name or ObjectId, an EKU or Application Policies ObjectId, or a CRL issuer Common Name. Many of the above may result in multiple matches. OutputFile -- file to save matching cert Use %5 to access a user store instead of a machine store. Use %4 to access a machine enterprise store. Use %14 to access a machine service store. Use %15 to access a machine group policy store. Examples: %6 %7 %8 %9	CertificateStoreName -- Certificate store name. Examples: "%1", "%2" (default), "%3", "%10" (View Root Certificates) "%11" (Modify Root Certificates) "%12" (View CRLs) "%13" (Enterprise CA Certificates) %16 (AD machine object certificates) %5 %16 (AD user object certificates) CertId -- Certificate or CRL match token. This can be a serial number, an SHA-1 certificate, CRL, CTL or public key hash, a numeric cert index (0, 1, etc.), a numeric CRL index (.0, .1, etc.), a numeric CTL index (..0, ..1, etc.), a public key, signature or extension ObjectId, a certificate subject Common Name, an e-mail address, UPN or DNS name, a key container name or CSP name, a template name or ObjectId, an EKU or Application Policies ObjectId, or a CRL issuer Common Name. Many of the above may result in multiple matches. OutputFile -- file to save matching cert Use %5 to access a user store instead of a machine store. Use %4 to access a machine enterprise store. Use %14 to access a machine service store. Use %15 to access a machine group policy store. Examples: %6 %7 %8 %9
2322	CertificateStoreName -- Certificate store name. See -store. InFile -- Certificate or CRL file to add to store.	CertificateStoreName -- Certificate store name. See -store. InFile -- Certificate or CRL file to add to store.
2323	CertificateStoreName -- Certificate store name. See -store. CertId -- Certificate or CRL match token. See -store.	CertificateStoreName -- Certificate store name. See -store. CertId -- Certificate or CRL match token. See -store.
2324	BackupDirectory -- directory to store backed up data %1 -- perform incremental backup only (default is full backup) %2 -- preserve database log files (default is to truncate log files)	BackupDirectory -- directory to store backed up data %1 -- perform incremental backup only (default is full backup) %2 -- preserve database log files (default is to truncate log files)
2325	BackupDirectory -- directory to store backed up database files %1 -- perform incremental backup only (default is full backup) %2 -- preserve database log files (default is to truncate log files)	BackupDirectory -- directory to store backed up database files %1 -- perform incremental backup only (default is full backup) %2 -- preserve database log files (default is to truncate log files)
2326	BackupDirectory -- directory to store backed up PFX file	BackupDirectory -- directory to store backed up PFX file
2327	BackupDirectory -- directory containing data to be restored	BackupDirectory -- directory containing data to be restored
2328	BackupDirectory -- directory containing database files to be restored	BackupDirectory -- directory containing database files to be restored
2329	BackupDirectory -- directory containing PFX file to be restored PFXFile -- PFX file to be restored	BackupDirectory -- directory containing PFX file to be restored PFXFile -- PFX file to be restored
2330	CertificateStoreName -- Certificate store name. See -store. CertId -- Certificate or CRL match token. See -store. PFXFile -- exported PFX data output file Modifiers -- Comma separated list of one or more of the following: %5 -- Do not export the certificate chain %6 -- Do not export the root certificate %9 -- Include extended properties %10 -- Do not encrypt the certificates %11 -- Encrypt the certificates %12 -- Export Parameters Defaults to personal machine store.	CertificateStoreName -- Certificate store name. See -store. CertId -- Certificate or CRL match token. See -store. PFXFile -- exported PFX data output file Modifiers -- Comma separated list of one or more of the following: %5 -- Do not export the certificate chain %6 -- Do not export the root certificate %9 -- Include extended properties %10 -- Do not encrypt the certificates %11 -- Encrypt the certificates %12 -- Export Parameters Defaults to personal machine store.
2331	CertificateStoreName -- Certificate store name. See -store. PFXFile -- PFX file to be imported Modifiers -- Comma separated list of one or more of the following: %1 -- Change the KeySpec to Signature %2 -- Change the KeySpec to Key Exchange %3 -- Make the private key non-exportable %4 -- Do not import the certificate %5 -- Do not import the certificate chain %6 -- Do not import the root certificate %7 -- Protect keys with password %8 -- Do not password protect keys Defaults to personal machine store.	CertificateStoreName -- Certificate store name. See -store. PFXFile -- PFX file to be imported Modifiers -- Comma separated list of one or more of the following: %1 -- Change the KeySpec to Signature %2 -- Change the KeySpec to Key Exchange %3 -- Make the private key non-exportable %4 -- Do not import the certificate %5 -- Do not import the certificate chain %6 -- Do not import the root certificate %7 -- Protect keys with password %8 -- Do not password protect keys Defaults to personal machine store.
2332	UserKeyAndCertFile -- Data file containing user private keys and certificates to be archived. This can be any of the following: Exchange Key Management Server (KMS) export file PFX file CertId -- KMS export file decryption certificate match token. See -store. Use %1 to import certificates not issued by the CA.	UserKeyAndCertFile -- Data file containing user private keys and certificates to be archived. This can be any of the following: Exchange Key Management Server (KMS) export file PFX file CertId -- KMS export file decryption certificate match token. See -store. Use %1 to import certificates not issued by the CA.
2333	PFXInFileList -- Comma separated PFX input file list PFXOutFile -- PFX output file Modifiers -- Comma separated list of one or more of the following: %9 -- Include extended properties %10 -- Do not encrypt the certificates %11 -- Encrypt the certificates The password specified on the command line is a comma separated password list. If more than one password is specified, the last password is used for the output file. If only one password is provided or if the last password is "*", the user will be prompted for the output file password.	PFXInFileList -- Comma separated PFX input file list PFXOutFile -- PFX output file Modifiers -- Comma separated list of one or more of the following: %9 -- Include extended properties %10 -- Do not encrypt the certificates %11 -- Encrypt the certificates The password specified on the command line is a comma separated password list. If more than one password is specified, the last password is used for the output file. If only one password is provided or if the last password is "*", the user will be prompted for the output file password.
2334	PFXInFileList -- Comma separated PFX input file list EPF -- EPF output file %1 -- Use CAST 64 encryption %2 -- Use CAST 64 encryption (export) V3CACertId -- V3 CA Certificate match token. See -store CertId description. Salt -- EPF output file salt string The password specified on the command line is a comma separated password list. If more than one password is specified, the last password is used for the output file. If only one password is provided or if the last password is "*", the user will be prompted for the output file password.	PFXInFileList -- Comma separated PFX input file list EPF -- EPF output file %1 -- Use CAST 64 encryption %2 -- Use CAST 64 encryption (export) V3CACertId -- V3 CA Certificate match token. See -store CertId description. Salt -- EPF output file salt string The password specified on the command line is a comma separated password list. If more than one password is specified, the last password is used for the output file. If only one password is provided or if the last password is "*", the user will be prompted for the output file password.
2335	RequestId -- numeric Request Id of pending request AttributeString -- Request Attribute name and value pairs Names and values are colon separated. Multiple name, value pairs are newline separated. Example: "CertificateTemplate:User EMail:[email protected]" Each " " sequence is converted to a newline separator.	RequestId -- numeric Request Id of pending request AttributeString -- Request Attribute name and value pairs Names and values are colon separated. Multiple name, value pairs are newline separated. Example: "CertificateTemplate:User EMail:[email protected]" Each " " sequence is converted to a newline separator.
2336	SerialNumber -- Comma separated list of certificate serial numbers to revoke Reason -- numeric or symbolic revocation reason: 0: %1 -- Unspecified (default) 1: %2 -- Key Compromise 2: %3 -- CA Compromise 3: %4 -- Affiliation Changed 4: %5 -- Superseded 5: %6 -- Cessation of Operation 6: %7 -- Certificate Hold 8: %8 -- Remove From CRL 9: %9 -- Privilege Withdrawn 10: %10 -- AA Compromise -1: %11 -- Unrevoke	SerialNumber -- Comma separated list of certificate serial numbers to revoke Reason -- numeric or symbolic revocation reason: 0: %1 -- Unspecified (default) 1: %2 -- Key Compromise 2: %3 -- CA Compromise 3: %4 -- Affiliation Changed 4: %5 -- Superseded 5: %6 -- Cessation of Operation 6: %7 -- Certificate Hold 8: %8 -- Remove From CRL 9: %9 -- Privilege Withdrawn 10: %10 -- AA Compromise -1: %11 -- Unrevoke
2337	Use %1 to import the certificate in place of a pending request for the same key. Use %2 to import certificates not issued by the CA. The CA may also need to be configured to support foreign certificate import: %3	Use %1 to import the certificate in place of a pending request for the same key. Use %2 to import certificates not issued by the CA. The CA may also need to be configured to support foreign certificate import: %3
2338	OutCACertFile -- output file Index -- CA certificate renewal index (defaults to most recent)	OutCACertFile -- output file Index -- CA certificate renewal index (defaults to most recent)
2339	OutCACertChainFile -- output file Index -- CA certificate renewal index (defaults to most recent)	OutCACertChainFile -- output file Index -- CA certificate renewal index (defaults to most recent)
2340	Use %2 to ignore an outstanding renewal request, and generate a new request.	Use %2 to ignore an outstanding renewal request, and generate a new request.
2341	Verify Certificate or CRL URLs	Verify Certificate or CRL URLs
2342	InFile \| URL	InFile \| URL
2343	Certificate "%ws" already in store.	Certificate "%ws" already in store.
2344	Certificate "%ws" added to store.	Certificate "%ws" added to store.
2345	CRL "%ws" already in store.	CRL "%ws" already in store.
2346	CRL "%ws" added to store.	CRL "%ws" added to store.
2347	CTL %ws already in store.	CTL %ws already in store.
2348	CTL %ws added to store.	CTL %ws added to store.
2349	KMS V1 CA Certificate List	KMS V1 CA Certificate List
2350	Select KMS V1 CA certificate	Select KMS V1 CA certificate
2351	Error message text	Error message text
2352	Error message text and error code	Error message text and error code
2353	Retrieving	Retrieving
2354	Success	Success
2355	Failed	Failed
2356	Verifying	Verifying
2357	Verify Failure	Verify Failure
2358	No URLs	No URLs
2361	Wrong Issuer	Wrong Issuer
2363	Revocation Check Failed	Revocation Check Failed
2364	No CRL	No CRL
2365	OK	OK
2366	CDP	CDP
2367	AIA	AIA
2372	Status	Status
2373	Type	Type
2374	Url	Url
2375	Retrieval Time	Retrieval Time
2378	GetObjectUrl	GetObjectUrl
2379	Certificate Subject	Certificate Subject
2380	Base CRL Issuer	Base CRL Issuer
2381	Delta CRL Issuer	Delta CRL Issuer
2382	No Selection	No Selection
2383	No Certificate Selected	No Certificate Selected
2384	Error Opening Certificate or CRL File	Error Opening Certificate or CRL File
2386	Error Information	Error Information
2387	Error retrieving URL: %ws	Error retrieving URL: %ws
2388	No URLs found: %ws	No URLs found: %ws
2389	Cannot find KMS CA certificate required to construct the EPF file. Enroll a client in the same KMS and use Outlook to save the user keys to an EPF file. Take the EPF file to the current machine and use certutil to dump the EPF file. This will import the needed KMS CA certificates into the local machine cert store, making them available to construct new EPF files.	Cannot find KMS CA certificate required to construct the EPF file. Enroll a client in the same KMS and use Outlook to save the user keys to an EPF file. Take the EPF file to the current machine and use certutil to dump the EPF file. This will import the needed KMS CA certificates into the local machine cert store, making them available to construct new EPF files.
2390	%1 -- generate a script to retrieve and recover keys (default behavior if multiple matching recovery candidates are found, or if the output file is not specified). %2 -- retrieve one or more Key Recovery Blobs (default behavior if exactly one matching recovery candidate is found, and if the output file is specified) %3 -- retrieve and recover private keys in one step (requires Key Recovery Agent certificates and private keys) SearchToken -- Used to select the keys and certificates to be recovered. Can be any of the following: Certificate Common Name Certificate Serial Number Certificate SHA-1 hash (thumbprint) Certificate KeyId SHA-1 hash (Subject Key Identifier) Requester Name (domain\user) UPN (user@domain) RecoveryBlobOutFile -- output file containing a certificate chain and an associated private key, still encrypted to one or more Key Recovery Agent certificates. OutputScriptFile -- output file containing a batch script to retrieve and recover private keys. OutputFileBaseName -- output file base name. For %2, any extension is truncated and a certificate-specific string and the %4 extension are appended for each key recovery blob. Each file contains a certificate chain and an associated private key, still encrypted to one or more Key Recovery Agent certificates. For %3, any extension is truncated and the %5 extension is appended. Contains the recovered certificate chains and associated private keys, stored as a PFX file.	%1 -- generate a script to retrieve and recover keys (default behavior if multiple matching recovery candidates are found, or if the output file is not specified). %2 -- retrieve one or more Key Recovery Blobs (default behavior if exactly one matching recovery candidate is found, and if the output file is specified) %3 -- retrieve and recover private keys in one step (requires Key Recovery Agent certificates and private keys) SearchToken -- Used to select the keys and certificates to be recovered. Can be any of the following: Certificate Common Name Certificate Serial Number Certificate SHA-1 hash (thumbprint) Certificate KeyId SHA-1 hash (Subject Key Identifier) Requester Name (domain\user) UPN (user@domain) RecoveryBlobOutFile -- output file containing a certificate chain and an associated private key, still encrypted to one or more Key Recovery Agent certificates. OutputScriptFile -- output file containing a batch script to retrieve and recover private keys. OutputFileBaseName -- output file base name. For %2, any extension is truncated and a certificate-specific string and the %4 extension are appended for each key recovery blob. Each file contains a certificate chain and an associated private key, still encrypted to one or more Key Recovery Agent certificates. For %3, any extension is truncated and the %5 extension is appended. Contains the recovered certificate chains and associated private keys, stored as a PFX file.
2391	%ws deleted from DS store.	%ws deleted from DS store.
2392	Forward cross cert	Forward cross cert
2393	Backward cross cert	Backward cross cert
2397	Not found	Not found
2398	Invalid	Invalid
2399	Untrusted	Untrusted
2400	Not loaded	Not loaded
2401	CA cross cert	CA cross cert
2402	System default Language Id:	System default Language Id:
2403	Version %u certificates and keys:	Version %u certificates and keys:
2404	Use old PFX encryption	Use old PFX encryption
2405	Certificate signature is valid	Certificate signature is valid
2406	Key usage count	Key usage count
2408	Not supported	Not supported
2409	CA cert version	CA cert version
2410	Enabled Active Server Pages (ASP)	Enabled Active Server Pages (ASP)
2411	Active Server Pages (ASP) already enabled	Active Server Pages (ASP) already enabled
2412	Error enabling Active Server Pages (ASP)	Error enabling Active Server Pages (ASP)
2413	MISSING!	MISSING!
2414	Sanitized CA short name (DS name)	Sanitized CA short name (DS name)
2415	WinINet Cache entries deleted: %u	WinINet Cache entries deleted: %u
2416	WinINet Cache entries: %u	WinINet Cache entries: %u
2417	Permitted	Permitted
2418	Excluded	Excluded
2419	IP Address	IP Address
2420	Mask	Mask
2421	URL -- cached URL %1 -- operate on all cached CRL URLs only %2 -- operate on all cached URLs %3 -- delete relevant URLs from the current user's local cache Use %4 to force fetching a specific URL and updating the cache.	URL -- cached URL %1 -- operate on all cached CRL URLs only %2 -- operate on all cached URLs %3 -- delete relevant URLs from the current user's local cache Use %4 to force fetching a specific URL and updating the cache.
2422	Subtree	Subtree
2423	Related Certificates:	Related Certificates:
2424	Related CRLs:	Related CRLs:
2425	Exact match:	Exact match:
2426	Protect keys with password	Protect keys with password
2427	Set templates for CA	Set templates for CA
2428	[+ \| -]TemplateList	[+ \| -]TemplateList
2429	Adding	Adding
2430	Removing	Removing
2431	Already present	Already present
2432	Not present	Not present
2433	KMS export file signature verifies	KMS export file signature verifies
2434	AutoEnroll Property	AutoEnroll Property
2436	Authority	Authority
2437	Friendly Name	Friendly Name
2438	Token match	Token match
2439	Bad Asn length encoding	Bad Asn length encoding
2440	Asn encoding: %x extra bytes	Asn encoding: %x extra bytes
2441	%ws key verifies against certificate	%ws key verifies against certificate
2442	%ws key does not match certificate	%ws key does not match certificate
2443	Expected	Expected
2444	Public key:	Public key:
2445	Cert Public key:	Cert Public key:
2446	certificates	certificates
2447	Signing	Signing
2448	Exchange	Exchange
2449	LoadCert(CACrossed) returned %ws	LoadCert(CACrossed) returned %ws
2450	Crossed CA Cert	Crossed CA Cert
2451	Crossed CA Cert Serial Number:	Crossed CA Cert Serial Number:
2452	Crossed CA Subject name matches Cert Subject	Crossed CA Subject name matches Cert Subject
2453	ERROR: Crossed CA Subject name does not match Cert Subject	ERROR: Crossed CA Subject name does not match Cert Subject
2454	Crossed CA public key matches Cert key	Crossed CA public key matches Cert key
2455	ERROR: Certificate public key does NOT match Cert key	ERROR: Certificate public key does NOT match Cert key
2456	Crossed CA Subject Key Id matches Cert Subject Key Id	Crossed CA Subject Key Id matches Cert Subject Key Id
2457	ERROR: Crossed CA Key Id does not match Key Id	ERROR: Crossed CA Key Id does not match Key Id
2459	canonicalized	canonicalized
2460	A required CRL extension is missing	A required CRL extension is missing
2461	Verified	Verified
2462	Bad CA Cert Subject	Bad CA Cert Subject
2463	Bad Cert Issuer	Bad Cert Issuer
2464	Old Base CRL	Old Base CRL
2465	Bad Authority Key Id	Bad Authority Key Id
2466	No IDP Intersection	No IDP Intersection
2467	ERROR: CRL Issuer does not match Cert Issuer	ERROR: CRL Issuer does not match Cert Issuer
2468	CRL Issuer matches Cert Issuer	CRL Issuer matches Cert Issuer
2469	Provider	Provider
2470	ERROR: CRL IDP extension does not match Cert CDP	ERROR: CRL IDP extension does not match Cert CDP
2471	ERROR: CRL Issuer does not match Delta CRL Issuer	ERROR: CRL Issuer does not match Delta CRL Issuer
2472	CRL Issuer matches Delta CRL Issuer	CRL Issuer matches Delta CRL Issuer
2473	WARNING: CRL CA Version does not match Cert CA Version	WARNING: CRL CA Version does not match Cert CA Version
2474	WARNING: CRL CA Version does not match Delta CRL CA Version	WARNING: CRL CA Version does not match Delta CRL CA Version
2475	ERROR: CRL Number less than Delta CRL Minimum Base	ERROR: CRL Number less than Delta CRL Minimum Base
2476	ERROR: CRL is not a Base CRL	ERROR: CRL is not a Base CRL
2477	ERROR: CRL is not a Delta CRL	ERROR: CRL is not a Delta CRL
2478	Verifying Issued Certificate:	Verifying Issued Certificate:
2479	Verifying Delta CRL:	Verifying Delta CRL:
2480	WinHttp Cache entries deleted: %u	WinHttp Cache entries deleted: %u
2481	WinHttp Cache entries: %u	WinHttp Cache entries: %u
2482	Meta File Name:	Meta File Name:
2483	WinINet Cache entry:	WinINet Cache entry:
2484	WinHttp Cache entry:	WinHttp Cache entry:
2485	CAName	CAName
2486	MachineName	MachineName
2487	Time:	Time:
2488	Certificate AIA	Certificate AIA
2489	Certificate CDP	Certificate CDP
2490	Base CRL CDP	Base CRL CDP
2491	URL fetch timeout in milliseconds	URL fetch timeout in milliseconds
2492	Timeout	Timeout
2493	Cannot export public key	Cannot export public key
2494	Display password and private key data	Display password and private key data
2495	OCSP	OCSP
2496	Decode Error	Decode Error
2497	Unsuccessful	Unsuccessful
2498	Unsupported	Unsupported
2500	Invalid Signature	Invalid Signature
2501	OCSP Request:	OCSP Request:
2502	OCSP Response:	OCSP Response:
2503	Produced At	Produced At
2504	OCSP Response Entries:	OCSP Response Entries:
2505	OCSP Response Info	OCSP Response Info
2506	OCSP Request Entries:	OCSP Request Entries:
2507	OCSP Request Info	OCSP Request Info
2508	Issuer Name Hash(%ws):	Issuer Name Hash(%ws):
2509	Issuer Key Hash(%ws):	Issuer Key Hash(%ws):
2510	Serial Number Not Found	Serial Number Not Found
2512	Invalid Signer EKU	Invalid Signer EKU
2513	Signer Expired	Signer Expired
2514	Revoked As Of	Revoked As Of
2515	Certificate OCSP	Certificate OCSP
2516	Parse ASN.1 file	Parse ASN.1 file
2517	File [type]	File [type]
2518	DECODE ERROR!	DECODE ERROR!
2519	Unique container name	Unique container name
2520	To be backed up	To be backed up
2521	Expected Base CRL	Expected Base CRL
2522	Expected Delta CRL	Expected Delta CRL
2523	Default Container	Default Container
2524	End Of Content	End Of Content
2525	Install a Certification Authority on current machine	Install a Certification Authority on current machine
2526	Manage smart card root certificates	Manage smart card root certificates
2527	Root Certificate Provisioning	Root Certificate Provisioning
2528	%1 [%5][InputRootFile] [ReaderName] %2 %6OutputRootFile [ReaderName] %3 [InputRootFile \| ReaderName] %4 [ReaderName]	%1 [%5][InputRootFile] [ReaderName] %2 %6OutputRootFile [ReaderName] %3 [InputRootFile \| ReaderName] %4 [ReaderName]
2529	Use hash of data as signature	Use hash of data as signature
2530	Simple container name	Simple container name
2531	Cipher Algorithms	Cipher Algorithms
2532	Hash Algorithms	Hash Algorithms
2533	Asymmetric Encryption Algorithms	Asymmetric Encryption Algorithms
2534	Secret Agreement Algorithms	Secret Agreement Algorithms
2535	Signature Algorithms	Signature Algorithms
2536	RNG Algorithms	RNG Algorithms
2537	Display COM registry information	Display COM registry information
2538	[ClassId \| ProgId \| DllName \| *]	[ClassId \| ProgId \| DllName \| *]
2539	Yes	Yes
2540	No	No
2541	Allow	Allow
2542	Deny	Deny
2543	CA Administrator	CA Administrator
2544	Certificate Manager	Certificate Manager
2546	Enroll	Enroll
2547	Auto-Enroll	Auto-Enroll
2548	Full Control	Full Control
2549	Write	Write
2550	Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks.	Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks.
2551	The restored CA certificate has expired. Before restarting Active Directory Certificate Services you must renew the CA certificate.	The restored CA certificate has expired. Before restarting Active Directory Certificate Services you must renew the CA certificate.
2552	Create/delete web virtual roots for OCSP web proxy	Create/delete web virtual roots for OCSP web proxy
2554	The OCSP Web Proxy already exists.	The OCSP Web Proxy already exists.
2555	Name of Symmetric Key Algorithm with optional key length, example: AES,128 or 3DES	Name of Symmetric Key Algorithm with optional key length, example: AES,128 or 3DES
2556	SymmetricKeyAlgorithm[,KeyLength]	SymmetricKeyAlgorithm[,KeyLength]
2557	This verb has been restricted by Common Criteria.	This verb has been restricted by Common Criteria.
2558	The certification propagation service could not be contacted. Your root certificates may not be available for use.	The certification propagation service could not be contacted. Your root certificates may not be available for use.
2559	Content Encryption Algorithm:	Content Encryption Algorithm:
2560	Encode text without CR-LF characters	Encode text without CR-LF characters
2561	Write redirected output in Unicode	Write redirected output in Unicode
2562	Enumerate certificate stores	Enumerate certificate stores
2563	[\\MachineName]	[\\MachineName]
2564	MachineName -- remote machine name.	MachineName -- remote machine name.
2565	Use service certificate store	Use service certificate store
2566	Use Group Policy certificate store	Use Group Policy certificate store
2567	Install default certificate templates	Install default certificate templates
2568	CertificateStoreName -- Certificate store name. See -store. CertIdList -- comma separated list of Certificate or CRL match tokens. See -store's CertId description. PropertyInfFile -- INF file containing external properties: %1 %2 Add archived property, OR: %3 Remove archived property %4 "%5Friendly Name" ; Add friendly name property %6 Add custom hexadecimal property %7 %8 %9 Add Key Provider Information property %10Container Name%11 %12 %13 %14 %15 %16 Add Enhanced Key Usage property %17 %18	CertificateStoreName -- Certificate store name. See -store. CertIdList -- comma separated list of Certificate or CRL match tokens. See -store's CertId description. PropertyInfFile -- INF file containing external properties: %1 %2 Add archived property, OR: %3 Remove archived property %4 "%5Friendly Name" ; Add friendly name property %6 Add custom hexadecimal property %7 %8 %9 Add Key Provider Information property %10Container Name%11 %12 %13 %14 %15 %16 Add Enhanced Key Usage property %17 %18
2569	Dump smart card file information	Dump smart card file information
2570	[ReaderName]	[ReaderName]
2571	Cannot read file	Cannot read file
2572	Successfully uncompressed	Successfully uncompressed
2573	Cannot uncompress file	Cannot uncompress file
2574	Failed to authenticate to card	Failed to authenticate to card
2575	Successfully authenticated to card	Successfully authenticated to card
2576	Reading directory	Reading directory
2577	Enter PIN:	Enter PIN:
2578	Each restriction consists of a column name, a relational operator and a constant integer, string or date. One column name may be preceded by a plus or minus sign to indicate the sort order. Examples: %1 %2 %3	Each restriction consists of a column name, a relational operator and a constant integer, string or date. One column name may be preceded by a plus or minus sign to indicate the sort order. Examples: %1 %2 %3
2579	Provider Aliases:	Provider Aliases:
2580	Provider Module:	Provider Module:
2581	Display CNG Configuration	Display CNG Configuration
2582	Display Enrollment Policy CAs	Display Enrollment Policy CAs
2583	[CAName \| TemplateName]	[CAName \| TemplateName]
2584	Manage Site Names for CAs	Manage Site Names for CAs
2585	[%1] [SiteName] %2 [SiteName] %3	[%1] [SiteName] %2 [SiteName] %3
2586	Out of date	Out of date
2587	Successfully updated	Successfully updated
2588	Update error	Update error
2589	Asymmetric Algorithms	Asymmetric Algorithms
2590	All Algorithms	All Algorithms
2591	Enrollment Policy Server List	Enrollment Policy Server List
2592	Select Policy Server	Select Policy Server
2593	Default	Default
2594	--- ATR:	--- ATR:
2595	Display AD templates	Display AD templates
2597	Display AD CAs	Display AD CAs
2598	[CAName]	[CAName]
2599	Display Enrollment Policy	Display Enrollment Policy
2600	Policy Server URL or Id	Policy Server URL or Id
2601	URLOrId	URLOrId
2602	DistinguishedName	DistinguishedName
2603	type -- numeric CRYPT_STRING_* decoding type	type -- numeric CRYPT_STRING_* decoding type
2604	type -- numeric CRYPT_STRING_* encoding type	type -- numeric CRYPT_STRING_* encoding type
2605	ERROR: Could not verify certificate public key against private key	ERROR: Could not verify certificate public key against private key
2606	Enrollment Policy Url	Enrollment Policy Url
2607	Enrollment Policy Id	Enrollment Policy Id
2609	Enrollment Server Url	Enrollment Server Url
2610	Request Id	Request Id
2611	Authentication	Authentication
2612	Url Flags	Url Flags
2613	Add an Enrollment Server application	Add an Enrollment Server application
2614	%1 \| %3 \| %5 [%10] [%11]	%1 \| %3 \| %5 [%10] [%11]
2615	Add an Enrollment Server application and application pool if necessary, for the specified CA. This command does not install binaries or packages One of the following authentication methods with which the client connects to a Certificate Enrollment Server %1 -- %2 %3 -- %4 %5 -- %6 %10 -- Only renewal requests can be submitted to this CA via this URL %11 -- Allows use of a certificate that has no associated account in the AD. This applies only with ClientCertificate and AllowRenewalsOnly mode.	Add an Enrollment Server application and application pool if necessary, for the specified CA. This command does not install binaries or packages One of the following authentication methods with which the client connects to a Certificate Enrollment Server %1 -- %2 %3 -- %4 %5 -- %6 %10 -- Only renewal requests can be submitted to this CA via this URL %11 -- Allows use of a certificate that has no associated account in the AD. This applies only with ClientCertificate and AllowRenewalsOnly mode.
2616	Delete an Enrollment Server application	Delete an Enrollment Server application
2617	%1 \| %3 \| %5	%1 \| %3 \| %5
2618	Delete an Enrollment Server application and application pool if necessary, for the specified CA. This command does not remove binaries or packages One of the following authentication methods with which the client connects to a Certificate Enrollment Server %1 -- %2 %3 -- %4 %5 -- %6.	Delete an Enrollment Server application and application pool if necessary, for the specified CA. This command does not remove binaries or packages One of the following authentication methods with which the client connects to a Certificate Enrollment Server %1 -- %2 %3 -- %4 %5 -- %6.
2619	Install succeeded with warnings: %ws	Install succeeded with warnings: %ws
2620	UnInstall succeeded with warnings: %ws	UnInstall succeeded with warnings: %ws
2621	Smart Card Serial Number:	Smart Card Serial Number:
2622	ObjectId	ObjectId
2623	ObjectIds	ObjectIds
2628	CA	CA
2629	CAs	CAs
2630	Use anonymous SSL credentials	Use anonymous SSL credentials
2631	Use Kerberos SSL credentials	Use Kerberos SSL credentials
2632	Use X.509 Certificate SSL credentials	Use X.509 Certificate SSL credentials
2633	ClientCertId	ClientCertId
2634	Use named account for SSL credentials	Use named account for SSL credentials
2635	UserName	UserName
2636	Conflicting SSL credentials	Conflicting SSL credentials
2638	Select client authentication certificate	Select client authentication certificate
2639	CA locale name	CA locale name
2640	Display, add or delete enrollment server URLs associated with a CA	Display, add or delete enrollment server URLs associated with a CA
2641	[URL AuthenticationType [Priority] [Modifiers]] URL %9	[URL AuthenticationType [Priority] [Modifiers]] URL %9
2642	AuthenticationType -- Specify one of the following client authentication methods while adding a URL %1 -- %2 %3 -- %4 %5 -- %6 %7 -- %8. %9 -- deletes the specified URL associated with the CA. Priority -- defaults to '1' if not specified when adding a URL. Modifiers -- Comma separated list of one or more of the following: %10 -- Only renewal requests can be submitted to this CA via this URL %11 -- Allows use of a certificate that has no associated account in the AD. This applies only with ClientCertificate and AllowRenewalsOnly Mode.	AuthenticationType -- Specify one of the following client authentication methods while adding a URL %1 -- %2 %3 -- %4 %5 -- %6 %7 -- %8. %9 -- deletes the specified URL associated with the CA. Priority -- defaults to '1' if not specified when adding a URL. Modifiers -- Comma separated list of one or more of the following: %10 -- Only renewal requests can be submitted to this CA via this URL %11 -- Allows use of a certificate that has no associated account in the AD. This applies only with ClientCertificate and AllowRenewalsOnly Mode.
2643	Priority	Priority
2644	Display or delete Enrollment Policy Cache entries	Display or delete Enrollment Policy Cache entries
2646	%1 -- delete Policy Server cache entries %2 -- use %2 to delete all cache entries.	%1 -- delete Policy Server cache entries %2 -- use %2 to delete all cache entries.
2647	NextUpdate	NextUpdate
2648	LastUpdate	LastUpdate
2650	Id	Id
2652	Path	Path
2654	AllowUntrustedCA	AllowUntrustedCA
2656	Cache file exists	Cache file exists
2657	Deleting cache entry!	Deleting cache entry!
2658	No cache file	No cache file
2659	Url does NOT match cache file name	Url does NOT match cache file name
2660	Cache Directory	Cache Directory
2661	Orphaned Cache file	Orphaned Cache file
2662	Display, add or delete Credential Store entries	Display, add or delete Credential Store entries
2663	[URL] URL %3 URL %1	[URL] URL %3 URL %1
2664	URL -- target URL. Use %4 to match all entries Use %5 to match a URL prefix %3 -- add a Credential Store entry SSL credentials must also be specified %1 -- delete Credential Store entries %2 -- use %2 to overwrite an entry or to delete multiple entries.	URL -- target URL. Use %4 to match all entries Use %5 to match a URL prefix %3 -- add a Credential Store entry SSL credentials must also be specified %1 -- delete Credential Store entries %2 -- use %2 to overwrite an entry or to delete multiple entries.
2665	Enforce UTF-8	Enforce UTF-8
2666	Name	Name
2671	Credential	Credential
2672	Credentials	Credentials
2673	Enrollment Certificate	Enrollment Certificate
2674	Enrollment Username/Password	Enrollment Username/Password
2675	SchemaId	SchemaId
2676	Properties	Properties
2678	Setting	Setting
2679	Indefinite Length	Indefinite Length
2680	%1 -- Delete all keys on the smart card	%1 -- Delete all keys on the smart card
2681	================ Url %d ================	================ Url %d ================
2682	ERROR: Container name inconsistent	ERROR: Container name inconsistent
2683	For selection U/I, use %3%1 %3 For all Policy Servers, use %3%1 %2	For selection U/I, use %3%1 %3 For all Policy Servers, use %3%1 %2
2684	For selection U/I, use %2%1 %2	For selection U/I, use %2%1 %2
2686	WARNING: CA certificate expires before registry validity period.	WARNING: CA certificate expires before registry validity period.
2687	Added	Added
2688	Anonymous	Anonymous
2689	Kerberos	Kerberos
2691	Username	Username
2693	Web Enrollment Servers:	Web Enrollment Servers:
2694	Matches	Matches
2695	You must install the Certificate Enrollment Web Service using Server Manager or ServerManagerCmd.exe before adding an enrollment server application.	You must install the Certificate Enrollment Web Service using Server Manager or ServerManagerCmd.exe before adding an enrollment server application.
2696	To import a foreign certificate, see %ws	To import a foreign certificate, see %ws
2697	Enrollment Server Authentication	Enrollment Server Authentication
2698	Add a Policy Server application	Add a Policy Server application
2699	%1 \| %3 \| %5 [%10]	%1 \| %3 \| %5 [%10]
2700	Add a Policy Server application and application pool if necessary. This command does not install binaries or packages One of the following authentication methods with which the client connects to a Certificate Policy Server %1 -- %2 %3 -- %4 %5 -- %6 %10 -- Only policies that contain KeyBasedRenewal templates are returned to the client. This flag applies only for UserName and ClientCertificate authentication.	Add a Policy Server application and application pool if necessary. This command does not install binaries or packages One of the following authentication methods with which the client connects to a Certificate Policy Server %1 -- %2 %3 -- %4 %5 -- %6 %10 -- Only policies that contain KeyBasedRenewal templates are returned to the client. This flag applies only for UserName and ClientCertificate authentication.
2701	Delete a Policy Server application	Delete a Policy Server application
2703	Delete a Policy Server application and application pool if necessary. This command does not remove binaries or packages One of the following authentication methods with which the client connects to a Certificate Policy Server %1 -- %2 %3 -- %4 %5 -- %6 %10 -- KeyBasedRenewal policy server.	Delete a Policy Server application and application pool if necessary. This command does not remove binaries or packages One of the following authentication methods with which the client connects to a Certificate Policy Server %1 -- %2 %3 -- %4 %5 -- %6 %10 -- KeyBasedRenewal policy server.
2704	You must install the Certificate Enrollment Policy Web Service using Server Manager or ServerManagerCmd.exe before adding a policy server application.	You must install the Certificate Enrollment Policy Web Service using Server Manager or ServerManagerCmd.exe before adding a policy server application.
2705	ERROR: Signed signature algorithm conflict	ERROR: Signed signature algorithm conflict
2706	ERROR: Signed signature parameter conflict	ERROR: Signed signature parameter conflict
2707	AllowRenewalsOnly	AllowRenewalsOnly
2708	AllowKeyBasedRenewal	AllowKeyBasedRenewal
2709	Write output file in Unicode	Write output file in Unicode
2710	Subject Template OIDs	Subject Template OIDs
2711	ERROR: The password you specified is incorrect. However, you have permission to access the PFX without a password. Re-run the command without specifying a password.	ERROR: The password you specified is incorrect. However, you have permission to access the PFX without a password. Re-run the command without specifying a password.
2712	PFX protected password: "%ws"	PFX protected password: "%ws"
2713	The PFX protected password is incorrectly stored in the PFX file. It is:	The PFX protected password is incorrectly stored in the PFX file. It is:
2714	PFX protected to:	PFX protected to:
2715	AND	AND
2716	OR	OR
2717	Successfully deleted	Successfully deleted
2718	Already deleted	Already deleted
2719	Set, Verify or Delete CA site names Use the %4 option to target a single CA (Default is all CAs) SiteName is allowed only when targeting a single CA Use %5 to override validation errors for the specified SiteName Use %5 to delete all CA site names	Set, Verify or Delete CA site names Use the %4 option to target a single CA (Default is all CAs) SiteName is allowed only when targeting a single CA Use %5 to override validation errors for the specified SiteName Use %5 to delete all CA site names
2720	Specified and Detected site names conflict	Specified and Detected site names conflict
2721	Existing	Existing
2722	Detected	Detected
2723	SKIPPED	SKIPPED
2724	[MaxSecondsToWait \| CAMachineList]	[MaxSecondsToWait \| CAMachineList]
2725	CAMachineList -- Comma-separated CA machine name list For a single machine, use a terminating comma Displays the site cost for each CA machine	CAMachineList -- Comma-separated CA machine name list For a single machine, use a terminating comma Displays the site cost for each CA machine
2726	ERROR: missing key association property	ERROR: missing key association property
2727	Name Hash(%ws):	Name Hash(%ws):
2728	Signature Hash:	Signature Hash:
2729	Cached Key Identifier:	Cached Key Identifier:
2730	No container name match	No container name match
2731	ERROR: wrong KeyId!	ERROR: wrong KeyId!
2732	Found exact match	Found exact match
2733	No KeyId match	No KeyId match
2734	WARNING: different container name!	WARNING: different container name!
2735	Comma separated SAM Name/SID List	Comma separated SAM Name/SID List
2736	SAMNameAndSIDList	SAMNameAndSIDList
2738	Decrypted	Decrypted
2739	Full query results	Full query results
2740	Full Results	Full Results
2741	Key Query	Key Query
2742	Key Recovery Errors	Key Recovery Errors
2743	Key Blob	Key Blob
2744	Key Handle	Key Handle
2745	Key State	Key State
2748	No archived key to recover.	No archived key to recover.
2749	Recovery	Recovery
2750	Retrieval	Retrieval
2751	end	end
2752	start	start
2753	Queries	Queries
2754	Query matches	Query matches
2755	Recovered	Recovered
2756	Recovered Certificates	Recovered Certificates
2757	Recovered key files	Recovered key files
2758	Recovery blobs retrieved	Recovery blobs retrieved
2759	Recovery Candidates	Recovery Candidates
2760	Recovery Errors	Recovery Errors
2761	Recovery Result	Recovery Result
2762	Retrieved key files	Retrieved key files
2763	Retrieved Keys	Retrieved Keys
2764	Retrieved, but not Recovered	Retrieved, but not Recovered
2765	Rows	Rows
2766	Rows (no key)	Rows (no key)
2767	Script file	Script file
2768	State	State
2769	Token Query	Token Query
2770	Total Queries	Total Queries
2772	Smart Card PIN	Smart Card PIN
2773	Missing output script filename.	Missing output script filename.
2774	Missing output file base name.	Missing output file base name.
2775	Use %ws to delete all entries.	Use %ws to delete all entries.
2776	Error saving key data	Error saving key data
2777	One of the following Key Recovery Agent certificates is required to recover the key:	One of the following Key Recovery Agent certificates is required to recover the key:
2779	Private key is NOT plain text exportable	Private key is NOT plain text exportable
2780	Recovery blob file	Recovery blob file
2781	Verify AuthRoot or Disallowed Certificates CTL	Verify AuthRoot or Disallowed Certificates CTL
2782	CTLObject [CertDir] [CertFile]	CTLObject [CertDir] [CertFile]
2783	CTLObject -- Identifies the CTL to verify: %1 -- read AuthRoot CAB and matching certificates from the URL cache. Use %5 to download from Windows Update instead. %2 -- read Disallowed Certificates CAB and disallowed certificate store file from the URL cache. Use %5 to download from Windows Update instead. %7 -- read PinRules CAB from the URL cache. Use %5 to download from Windows Update instead. %3 -- read registry cached AuthRoot CTL. Use with %5 and a CertFile that is not already trusted to force updating the registry cached AuthRoot and Disallowed Certificate CTLs. %4 -- read registry cached Disallowed Certificates CTL. %5 has the same behavior as with %3. %8 -- read registry cached PinRules CTL. %5 has the same behavior as with %7. CTLFileName -- file or %6 path to CTL or CAB CertDir -- folder containing certificates matching CTL entries An %6 folder path must end with a path separator. If a folder is not specified with %3 or %4, multiple locations will be searched for matching certificates: local certificate stores, crypt32.dll resources and the local URL cache. Use %5 to download from Windows Update when necessary. Otherwise defaults to the same folder or web site as the CTLObject. CertFile -- file containing certificate(s) to verify. Certificates will be matched against CTL entries, and match results displayed. Suppresses most of the default output.	CTLObject -- Identifies the CTL to verify: %1 -- read AuthRoot CAB and matching certificates from the URL cache. Use %5 to download from Windows Update instead. %2 -- read Disallowed Certificates CAB and disallowed certificate store file from the URL cache. Use %5 to download from Windows Update instead. %7 -- read PinRules CAB from the URL cache. Use %5 to download from Windows Update instead. %3 -- read registry cached AuthRoot CTL. Use with %5 and a CertFile that is not already trusted to force updating the registry cached AuthRoot and Disallowed Certificate CTLs. %4 -- read registry cached Disallowed Certificates CTL. %5 has the same behavior as with %3. %8 -- read registry cached PinRules CTL. %5 has the same behavior as with %7. CTLFileName -- file or %6 path to CTL or CAB CertDir -- folder containing certificates matching CTL entries An %6 folder path must end with a path separator. If a folder is not specified with %3 or %4, multiple locations will be searched for matching certificates: local certificate stores, crypt32.dll resources and the local URL cache. Use %5 to download from Windows Update when necessary. Otherwise defaults to the same folder or web site as the CTLObject. CertFile -- file containing certificate(s) to verify. Certificates will be matched against CTL entries, and match results displayed. Suppresses most of the default output.
2784	ERROR: Signature chain certificate not present in image: %ws	ERROR: Signature chain certificate not present in image: %ws
2785	ERROR: Extra signature chain certificate in image: %ws	ERROR: Extra signature chain certificate in image: %ws
2786	ERROR: Extra application policy: %ws	ERROR: Extra application policy: %ws
2787	ERROR: Missing application policy: %ws	ERROR: Missing application policy: %ws
2788	Result: Certificate exact match found	Result: Certificate exact match found
2789	Result: Certificate match found	Result: Certificate match found
2790	Result: Certificate match NOT found	Result: Certificate match NOT found
2791	Result: Certificate public key collision	Result: Certificate public key collision
2792	OCSP URLs	OCSP URLs
2793	AIA URLs	AIA URLs
2794	CDP URLs	CDP URLs
2795	Certificates that do not belong to the targeted CTL: %u	Certificates that do not belong to the targeted CTL: %u
2796	Default is to display DC certificates without verification	Default is to display DC certificates without verification
2797	%ws failed with error:	%ws failed with error:
2798	Loading	Loading
2799	Cert[%u]: references:	Cert[%u]: references:
2800	CTL[%u]: matches:	CTL[%u]: matches:
2801	Less than %ws	Less than %ws
2802	Strong Signature verification not supported	Strong Signature verification not supported
2803	Strong Signature error:	Strong Signature error:
2804	Legacy Signature error:	Legacy Signature error:
2805	Counter Signed!:	Counter Signed!:
2806	Authenticated attribute!:	Authenticated attribute!:
2807	Critical Extension	Critical Extension
2808	%u of %u entries present	%u of %u entries present
2809	Certificates to match:	Certificates to match:
2810	Legacy signatures:	Legacy signatures:
2811	Strong signatures:	Strong signatures:
2812	Missing Enhanced Key Usage property	Missing Enhanced Key Usage property
2813	PIN	PIN
2814	Signing certificate	Signing certificate
2815	CertId	CertId
2816	Sync with Windows Update	Sync with Windows Update
2817	DestinationDir	DestinationDir
2818	DestinationDir -- folder to copy to. The following files are downloaded from Windows Update: %1 - contains CTL of Third Party Roots. %2 - contains CTL of Disallowed Certificates. %3 - Disallowed Certificates. %4 - contains CTL of SSL Pin Rules. %5 - Pin Rules Certificates. .crt - Third Party Roots.	DestinationDir -- folder to copy to. The following files are downloaded from Windows Update: %1 - contains CTL of Third Party Roots. %2 - contains CTL of Disallowed Certificates. %3 - Disallowed Certificates. %4 - contains CTL of SSL Pin Rules. %5 - Pin Rules Certificates. .crt - Third Party Roots.
2819	Generate SST from Windows Update	Generate SST from Windows Update
2820	SSTFile	SSTFile
2821	SSTFile -- %1 file to be created. The generated %1 file contains the Third Party Roots downloaded from Windows Update.	SSTFile -- %1 file to be created. The generated %1 file contains the Third Party Roots downloaded from Windows Update.
2822	Updating	Updating
2823	"%ws" exists. Use "%ws" option to force overwrite.	"%ws" exists. Use "%ws" option to force overwrite.
2824	Warning! Encountered the following no longer trusted roots:	Warning! Encountered the following no longer trusted roots:
2825	Use "%ws" options to force the delete of the above "%ws" files. Was "%ws" updated? If yes, consider deferring the delete until all clients have been updated.	Use "%ws" options to force the delete of the above "%ws" files. Was "%ws" updated? If yes, consider deferring the delete until all clients have been updated.
2826	Enabling temporary auto root update.	Enabling temporary auto root update.
2827	Restoring disable of auto root update.	Restoring disable of auto root update.
2828	Cannot enable auto root update in the registry. Are you running as elevated administrator?	Cannot enable auto root update in the registry. Are you running as elevated administrator?
2829	No Updates!	No Updates!
2830	Added %d files. Updated %d files.	Added %d files. Updated %d files.
2831	Updated SST file.	Updated SST file.
2832	Display Trusted Platform Module Information	Display Trusted Platform Module Information
2833	CA Exchange Cert Hash	CA Exchange Cert Hash
2834	Verify Key Attestation Request	Verify Key Attestation Request
2835	RequestFile	RequestFile
2836	Manufacturer Endorsement Key Certificates	Manufacturer Endorsement Key Certificates
2837	Other Endorsement Key Certificates	Other Endorsement Key Certificates
2838	Challenge Pending	Challenge Pending
2839	Challenge Satisfied	Challenge Satisfied
2840	Trust On Use	Trust On Use
2841	Trust Endorsement Certificate	Trust Endorsement Certificate
2842	Trust Endorsement Key	Trust Endorsement Key
2843	Nonce digest	Nonce digest
2844	Attestation successful.	Attestation successful.
2845	Secret	Secret
2846	Decrypted EKInfo	Decrypted EKInfo
2847	EK Public Key	EK Public Key
2848	Activation	Activation
2849	Decrypted Secret	Decrypted Secret
2850	Activation successful.	Activation successful.
2851	Writing	Writing
2852	Cannot fetch EK public key	Cannot fetch EK public key
2853	EK KeyId(%ws):	EK KeyId(%ws):
2854	%1	%1
2855	Numeric SID	Numeric SID
2856	%2 -- Local System %3 -- Local Service %4 -- Network Service	%2 -- Local System %3 -- Local Service %4 -- Network Service
2857	Hash algorithms:	Hash algorithms:
2858	No Manufacturer Endorsement Key Certificates	No Manufacturer Endorsement Key Certificates
2859	No Other Endorsement Key Certificates	No Other Endorsement Key Certificates
2860	Resource	Resource
2861	Updated DS Template and security descriptor	Updated DS Template and security descriptor
2862	Modifiers:	Modifiers:
2863	End Entity certificate only	End Entity certificate only
2864	Exclude root certificate	Exclude root certificate
2865	Certificates: Not Encrypted	Certificates: Not Encrypted
2866	Enabling temporary Pin Rules auto update.	Enabling temporary Pin Rules auto update.
2867	Restoring disable of Pin Rules auto update.	Restoring disable of Pin Rules auto update.
2868	Cannot enable Pin Rules auto update in the registry. Are you running as elevated administrator?	Cannot enable Pin Rules auto update in the registry. Are you running as elevated administrator?
2869	Add ECC Curve	Add ECC Curve
2870	[CurveClass:]CurveName CurveParameters [CurveOID] [CurveType]	[CurveClass:]CurveName CurveParameters [CurveOID] [CurveType]
2871	CurveClass: -- ECC Curve Class Type: - %1 [Default] - %2 - %3 CurveName -- ECC Curve Name CurveParameters -- ECC Curve Parameters. It is one of the following - Certificate Filename Containing ASN Encoded Parameters - File Containing ASN Encoded Parameters CurveOID -- ECC Curve OID. It is one of the following: - Certificate Filename Containing ASN Encoded OID - Explicit ECC Curve OID CurveType -- Schannel ECC NamedCurve Point (Numeric)	CurveClass: -- ECC Curve Class Type: - %1 [Default] - %2 - %3 CurveName -- ECC Curve Name CurveParameters -- ECC Curve Parameters. It is one of the following - Certificate Filename Containing ASN Encoded Parameters - File Containing ASN Encoded Parameters CurveOID -- ECC Curve OID. It is one of the following: - Certificate Filename Containing ASN Encoded OID - Explicit ECC Curve OID CurveType -- Schannel ECC NamedCurve Point (Numeric)
2872	Delete ECC Curve	Delete ECC Curve
2873	CurveName \| CurveOID	CurveName \| CurveOID
2874	CurveName -- ECC Curve Name CurveOID -- ECC Curve OID	CurveName -- ECC Curve Name CurveOID -- ECC Curve OID
2875	Display ECC Curve	Display ECC Curve
2876	[CurveName \| CurveOID]	[CurveName \| CurveOID]
2877	CurveName -- ECC Curve name CurveOID -- ECC Curve OID	CurveName -- ECC Curve name CurveOID -- ECC Curve OID
2878	ECC Curve Parameters	ECC Curve Parameters
2879	CNG Parameters Blob	CNG Parameters Blob
2880	ASN Parameters Blob	ASN Parameters Blob
2881	Public Key Length	Public Key Length
2900	Generate Pin Rules CTL	Generate Pin Rules CTL
2901	XMLFile CTLFile [SSTFile [QueryFilesPrefix]]	XMLFile CTLFile [SSTFile [QueryFilesPrefix]]
2902	XMLFile -- input XML file to be parsed. CTLFile -- output CTL file to be generated. SSTFile -- optional %1 file to be created. The %1 file contains all of the certificates used for pinning. QueryFilesPrefix -- optional %2 and %3 files to be created for database query. The QueryFilesPrefix string is prepended to each created file. The %2 file contains rule name, domain rows. The %3 file contains rule name, key SHA256 thumbprint rows.	XMLFile -- input XML file to be parsed. CTLFile -- output CTL file to be generated. SSTFile -- optional %1 file to be created. The %1 file contains all of the certificates used for pinning. QueryFilesPrefix -- optional %2 and %3 files to be created for database query. The QueryFilesPrefix string is prepended to each created file. The %2 file contains rule name, domain rows. The %3 file contains rule name, key SHA256 thumbprint rows.
2903	SSL Policy matching ServerName	SSL Policy matching ServerName
2904	ServerName	ServerName
2905	Warning = Unable to verify downloaded Pin Rules on this version of Windows. Will continue. Recommend running on a later version of Windows.	Warning = Unable to verify downloaded Pin Rules on this version of Windows. Will continue. Recommend running on a later version of Windows.
2911	Warning	Warning
2913	Encoding	Encoding
2914	Parsing	Parsing
2915	Matching	Matching
2916	Skipping	Skipping
2917	Getting	Getting
2918	Add Existing	Add Existing
2919	Add New	Add New
2920	Removing Duplicate	Removing Duplicate
2921	Skipping Element	Skipping Element
2922	Only Allow	Only Allow
2923	Elements	Elements
2924	Element Counts	Element Counts
2925	Duplicate Element	Duplicate Element
2926	Negative duration value	Negative duration value
2927	Not supported years or months duration value	Not supported years or months duration value
2928	Write Query Files	Write Query Files
2929	XML Parser Error Details	XML Parser Error Details
2930	Save To SST File	Save To SST File
2931	Finding Element: %ws	Finding Element: %ws
2932	Query Element: %ws	Query Element: %ws
2933	Getting %ws Element Count	Getting %ws Element Count
2934	Parsing Element: %ws Attributes	Parsing Element: %ws Attributes
2935	Duplicate = Removing %ws Matching %ws	Duplicate = Removing %ws Matching %ws
2936	Missing from other %ws Elements	Missing from other %ws Elements
2937	No %ws Elements	No %ws Elements
2938	Opening = Element: %ws %ws: %ws	Opening = Element: %ws %ws: %ws
2939	Enumerating = Element: %ws %ws: %ws	Enumerating = Element: %ws %ws: %ws
2940	Duplicate Attribute Value = %ws: %ws in Elements: %ws and %ws	Duplicate Attribute Value = %ws: %ws in Elements: %ws and %ws
2941	Normalize Attribute = Element: %ws Attribute: %ws: Value: %ws to %ws	Normalize Attribute = Element: %ws Attribute: %ws: Value: %ws to %ws
2942	Failed = Duplicate Attribute %ws: %hs in Element: %ws	Failed = Duplicate Attribute %ws: %hs in Element: %ws
2943	Failed = Element: %ws has no %ws Elements	Failed = Element: %ws has no %ws Elements
2944	Warning = Element: %ws has no %ws Elements	Warning = Element: %ws has no %ws Elements
2945	Failed = Missing Element: %ws	Failed = Missing Element: %ws
2946	Failed = Element: %ws has invalid Attribute: %ws	Failed = Element: %ws has invalid Attribute: %ws
2947	Failed = Element: %ws Attribute: %ws has invalid Value: %ws	Failed = Element: %ws Attribute: %ws has invalid Value: %ws
2948	Failed = Element: %ws has invalid Attribute: %ws with Reason:	Failed = Element: %ws has invalid Attribute: %ws with Reason:
2949	Failed = Element: %ws Attribute: %ws has invalid Value: %ws with Reason:	Failed = Element: %ws Attribute: %ws has invalid Value: %ws with Reason:
2950	Failed = Element: %ws is missing Attribute: %ws	Failed = Element: %ws is missing Attribute: %ws
2951	Duplicate Attribute Value %ws: %hs in Elements: %ws and %ws	Duplicate Attribute Value %ws: %hs in Elements: %ws and %ws
2952	Warning = No %ws certificates to save to SST File	Warning = No %ws certificates to save to SST File
2953	AlternateStorageLocation	AlternateStorageLocation
2954	AIK Public Key	AIK Public Key
2955	AIK KeyId(%ws):	AIK KeyId(%ws):
2956	Download OCSP Responses and Write to Directory	Download OCSP Responses and Write to Directory
2957	CertificateDir OcspDir [ThreadCount] [Modifiers]	CertificateDir OcspDir [ThreadCount] [Modifiers]
2958	CertificateDir -- directory of certificate, store and PFX files. OcspDir -- directory to write OCSP responses. ThreadCount -- optional maximum number of threads for concurrent downloading. Default is 10. Modifiers -- Comma separated list of one or more of the following: %1 -- Download once and exit %2 -- Read from OcspDir instead of writing By default, certutil won't exit and must be explicitly terminated.	CertificateDir -- directory of certificate, store and PFX files. OcspDir -- directory to write OCSP responses. ThreadCount -- optional maximum number of threads for concurrent downloading. Default is 10. Modifiers -- Comma separated list of one or more of the following: %1 -- Download once and exit %2 -- Read from OcspDir instead of writing By default, certutil won't exit and must be explicitly terminated.
2959	Check certificate files in directory	Check certificate files in directory
2960	No Downloads!	No Downloads!
2961	Wait forever for downloads	Wait forever for downloads
2962	Failed = downloadOcsp option not supported on this version of Windows.	Failed = downloadOcsp option not supported on this version of Windows.
2963	With previous RemainingMinutes: %d downloaded new OCSP response with ThisUpdate: %ws NextUpdate: %ws	With previous RemainingMinutes: %d downloaded new OCSP response with ThisUpdate: %ws NextUpdate: %ws
2964	Open OCSP subject certificate file	Open OCSP subject certificate file
2965	Remove OCSP subject certificate file	Remove OCSP subject certificate file
2966	Add OCSP response file	Add OCSP response file
2967	Remove OCSP response file	Remove OCSP response file
2968	Waiting for %d download OCSP reponses to complete	Waiting for %d download OCSP reponses to complete
2969	Downloaded OCSP Responses	Downloaded OCSP Responses
2970	Milliseconds: %d ThisUpdate: %ws NextUpdate: %ws RemainingMinutes: %d	Milliseconds: %d ThisUpdate: %ws NextUpdate: %ws RemainingMinutes: %d
2971	Total: %d Downloaded: %d Warnings: %d Pending: %d Errors: %d Maximum Thread Count: %d	Total: %d Downloaded: %d Warnings: %d Pending: %d Errors: %d Maximum Thread Count: %d
2972	Error = Download OCSP response. %ws	Error = Download OCSP response. %ws
2973	Error = Write OCSP response file. %ws	Error = Write OCSP response file. %ws
2974	Error = Missing issuer certificate	Error = Missing issuer certificate
2975	Error = Open OCSP subject certificate file. %ws	Error = Open OCSP subject certificate file. %ws
2976	Error = Pending OCSP response download	Error = Pending OCSP response download
2977	Warning = No OCSP subject certificates in file	Warning = No OCSP subject certificates in file
2978	Warning = Duplicate OCSP response file	Warning = Duplicate OCSP response file
2979	Warning = OCSP not supported for certificate	Warning = OCSP not supported for certificate
2980	test passed	test passed
2981	test FAILED	test FAILED
2982	test skipped	test skipped
2983	Key Encryption Algorithm:	Key Encryption Algorithm:
2984	Encrypted Key:	Encrypted Key:
2985	[TaskName [SRKThumbprint]]	[TaskName [SRKThumbprint]]
2986	TaskName -- task to trigger %1 -- NGC Key Pregen task %2 -- NGC AIK certificate enrollment task. defaults to autoenrollment event. SRKThumbprint -- Thumprint of Storage Root Key	TaskName -- task to trigger %1 -- NGC Key Pregen task %2 -- NGC AIK certificate enrollment task. defaults to autoenrollment event. SRKThumbprint -- Thumprint of Storage Root Key
2987	AIK Certificates	AIK Certificates
2988	No AIK Certificates	No AIK Certificates
2989	Reason: Privilege Withdrawn	Reason: Privilege Withdrawn
2990	Reason: AA Compromise	Reason: AA Compromise
2991	Cannot import private key	Cannot import private key
2992	count	count
2993	Cannot decrypt content	Cannot decrypt content
2994	Decrypted content	Decrypted content
2995	Unprotected attributes	Unprotected attributes
2996	Computed	Computed
2997	Iteration count	Iteration count
2998	Local Key Id:	Local Key Id:
2999	Invalid Template	Invalid Template
3100	PKCS Attributes:	PKCS Attributes:
3101	Verified Extended Validation (EV) Policies	Verified Extended Validation (EV) Policies
3102	Extended Validation Certificate	Extended Validation Certificate
3103	Strong signature verification	Strong signature verification
3104	Must chain to a Microsoft root	Must chain to a Microsoft root
3105	Must chain to a Microsoft test root	Must chain to a Microsoft test root
3106	Must chain to a Microsoft application root	Must chain to a Microsoft application root
3107	Enforce Extended Validation Policy	Enforce Extended Validation Policy
3108	Detached signature matches Public Key	Detached signature matches Public Key
3109	Generate HPKP header using certificates in specified file or directory	Generate HPKP header using certificates in specified file or directory
3110	CertFileOrDir MaxAge [ReportUri] [Modifiers]	CertFileOrDir MaxAge [ReportUri] [Modifiers]
3111	CertFileOrDir -- file or directory of certificates. Source of pin-sha256. MaxAge -- max-age value in seconds. ReportUri -- optional report-uri. Modifiers -- Comma separated list of one or more of the following: %1 -- append includeSubDomains.	CertFileOrDir -- file or directory of certificates. Source of pin-sha256. MaxAge -- max-age value in seconds. ReportUri -- optional report-uri. Modifiers -- Comma separated list of one or more of the following: %1 -- append includeSubDomains.
3112	Error = Open certificate file. %ws	Error = Open certificate file. %ws
3113	Success = Open certificate file: %ws	Success = Open certificate file: %ws
3114	Skipping = Duplicate: %ws	Skipping = Duplicate: %ws
3115	Error = No certificates	Error = No certificates
3116	Registry Aliases:	Registry Aliases:
3117	Indirect key name	Indirect key name
3118	================ Begin force NCrypt ================	================ Begin force NCrypt ================
3119	---------------- End force NCrypt ----------------	---------------- End force NCrypt ----------------
3120	================ Begin Passport Key ================	================ Begin Passport Key ================
3121	---------------- End Passport Key ----------------	---------------- End Passport Key ----------------
3122	invoke CryptUI	invoke CryptUI
3123	File [%1]	File [%1]
3124	Thumbprint	Thumbprint
4000	Certificate Enrollment - Username/Password Credential	Certificate Enrollment - Username/Password Credential
4001	Certificate Enrollment - Certificate Credential	Certificate Enrollment - Certificate Credential
4050	Select Certification Authority	Select Certification Authority
4051	Select a Certification Authority to send the request.	Select a Certification Authority to send the request.
52737	Invalid Schema , Message Format Error from server.	Invalid Schema , Message Format Error from server.
52738	Server failed to authenticate the user.	Server failed to authenticate the user.
52739	User is not authorized to enroll.	User is not authorized to enroll.
52742	Unhandled exception from server.	Unhandled exception from server.
52747	Redirection is needed and redirected location is not a wellknown server	Redirection is needed and redirected location is not a wellknown server
52748	Discovery failed	Discovery failed
52750	Registration quota reached	Registration quota reached
52751	Operation successful but the machine requires a reboot	Operation successful but the machine requires a reboot
52752	The AIK certificate is not valid or trusted	The AIK certificate is not valid or trusted
52753	The attestation statement of the transport key is invalid	The attestation statement of the transport key is invalid
52754	Server returned a bad message error	Server returned a bad message error
52755	Tenant Id is not found in the token	Tenant Id is not found in the token
52756	User Sid is not found in the token	User Sid is not found in the token
52757	The device is required to be classic domain joined	The device is required to be classic domain joined
52758	Some join information cannot be read from the device	Some join information cannot be read from the device
52763	The device is not joined to AAD	The device is not joined to AAD
52764	The client timed out while waiting for a server response.	The client timed out while waiting for a server response.
52770	The token does not contain device ID	The token does not contain device ID
52771	The operation requires multi-factor authentication	The operation requires multi-factor authentication
52772	The specified user cannot be found	The specified user cannot be found
52773	Server is busy	Server is busy
52774	The NGC key is already registered	The NGC key is already registered
52775	The graph directory request is bad	The graph directory request is bad
52776	The graph request failed with replica unavailable	The graph request failed with replica unavailable
52777	The graph request was throttled by server	The graph request was throttled by server
52778	The graph request was denied	The graph request was denied
52779	TPM lockout or some other crypto layer issue.	TPM lockout or some other crypto layer issue.
52780	The device key is missing.	The device key is missing.
52781	The web server returned an error (non 200)	The web server returned an error (non 200)
52782	The web server returned success, but no data	The web server returned success, but no data
52784	The AAD Cloud AP Plugin does not have the requested PRT	The AAD Cloud AP Plugin does not have the requested PRT
52812	There is no core windows for the current thread.	There is no core windows for the current thread.
52813	Unable to obtain user token	Unable to obtain user token
52814	Failed to recieve user creds input	Failed to recieve user creds input
52815	AAD token request was cancelled by user	AAD token request was cancelled by user
52816	Device is not joined	Device is not joined
53225	Server response message is invalid	Server response message is invalid
53226	Server failed to authorize user or device.	Server failed to authorize user or device.
53227	Server response http status is unexpected	Server response http status is unexpected
53229	The request sent to the server was invalid.	The request sent to the server was invalid.
53230	Attestation failed	Attestation failed
53231	The AIK certificate is no longer valid.	The AIK certificate is no longer valid.
53232	There is no key registered for the user.	There is no key registered for the user.
53233	There is no UPN in the token.	There is no UPN in the token.
53234	The general server side directory error.	The general server side directory error.
53235	The device specified in the request was not found in the directory.	The device specified in the request was not found in the directory.
53236	The device is not ready to provide a CXH scenario Id for NGC registration.	The device is not ready to provide a CXH scenario Id for NGC registration.
53238	Failed to enroll for an NGC cert because there is NO Enterprise SSO.	Failed to enroll for an NGC cert because there is NO Enterprise SSO.
56836	User has no permission on the cert template or CA unreachable.	User has no permission on the cert template or CA unreachable.
56837	Generic Failure from management server, such as DB access error.	Generic Failure from management server, such as DB access error.
56840	Unknown server error.	Unknown server error.
56841	Another enrollment operation is currently underway.	Another enrollment operation is currently underway.
56842	Device is already enrolled.	Device is already enrolled.
56843	Device is not enrolled.	Device is not enrolled.
56845	During discovery the sec cert date was invalid.	During discovery the sec cert date was invalid.
56846	A password is needed (And wasn't supplied)	A password is needed (And wasn't supplied)
56847	An error during WAB enrollment	An error during WAB enrollment
56848	A http (or lower) error, such as dns or timeout	A http (or lower) error, such as dns or timeout
56850	The SSL cert wasn't valid	The SSL cert wasn't valid
56851	User already enrolled too many devices. Delete or unenroll old ones to fix this error (user can fix it without admin)	User already enrolled too many devices. Delete or unenroll old ones to fix this error (user can fix it without admin)
56852	Specific platform (e.g. Windows) or version is not supported (no point retrying or calling admin. User could upgrade device)	Specific platform (e.g. Windows) or version is not supported (no point retrying or calling admin. User could upgrade device)
56853	Mobile device management generally not supported (would save an admin call)	Mobile device management generally not supported (would save an admin call)
56854	Device is trying to renew but server rejects the request. Client might show notification for this if Robo fails. Check time on device (user can fix it by re-enrolling)	Device is trying to renew but server rejects the request. Client might show notification for this if Robo fails. Check time on device (user can fix it by re-enrolling)
56855	Account is in maintenance, retry later (user can retry later but might call admin because doesn't know when problem is solved)	Account is in maintenance, retry later (user can retry later but might call admin because doesn't know when problem is solved)
56856	License of user is in bad state blocking enrollment (user still needs to call admin)	License of user is in bad state blocking enrollment (user still needs to call admin)
56857	The server rejected the Enrollment Data, the server may not be configured correctly	The server rejected the Enrollment Data, the server may not be configured correctly
56858	The server asked to use HTTP from HTTPS, but the user didn't ok it	The server asked to use HTTP from HTTPS, but the user didn't ok it
56859	indicates trying to do an invalid operation on an enrollment, such as enrolling twice, or unenroll one that doesn't exist	indicates trying to do an invalid operation on an enrollment, such as enrolling twice, or unenroll one that doesn't exist
56860	Enrollment type isn't allowed on this SKU	Enrollment type isn't allowed on this SKU
56861	unknown client side error	unknown client side error
56862	Provisioning failed in CertificateStore CSP	Provisioning failed in CertificateStore CSP
56863	Provisioning failed in W7/DMAcc CSP	Provisioning failed in W7/DMAcc CSP
56864	Provisioning failed in DMClient CSP	Provisioning failed in DMClient CSP
56865	Provisioning failed in Passport for Work CSP	Provisioning failed in Passport for Work CSP
56866	Provisioning failed in a CSP not listed above	Provisioning failed in a CSP not listed above
56867	Provisioning failed, but a specific CSP is not indicated	Provisioning failed, but a specific CSP is not indicated
56868	the public cert was not found: a) when attempting to bind the public cert/private key or b) when looking into provisioning payload (perhaps targeting the wrong store)	the public cert was not found: a) when attempting to bind the public cert/private key or b) when looking into provisioning payload (perhaps targeting the wrong store)
56869	Provisioning failed in EnterpriseAppManagement CSP	Provisioning failed in EnterpriseAppManagement CSP
56870	MDM Management was blocked, such as via GP or SetManagedExternally()	MDM Management was blocked, such as via GP or SetManagedExternally()
56871	Failed to create the private key as requested	Failed to create the private key as requested
57877	?CCM_E_ITEMNOTFOUND?	?CCM_E_ITEMNOTFOUND?
57984	CCM_E_EMPTY_CERT_STORE	CCM_E_EMPTY_CERT_STORE
57985	CCM_E_NO_CERT_MATCHING_CRITERIA	CCM_E_NO_CERT_MATCHING_CRITERIA
57986	More than one certificate found but 'select first cert' was not set	More than one certificate found but 'select first cert' was not set
57987	CCM_E_MISSING_PRIVATEKEY	CCM_E_MISSING_PRIVATEKEY
57988	CCM_E_MISSING_SUBJECT_NAME	CCM_E_MISSING_SUBJECT_NAME
57989	Valida search criteria verbs are 'Subject:', 'SubjectStr:' and 'SubjectAtr:'	Valida search criteria verbs are 'Subject:', 'SubjectStr:' and 'SubjectAtr:'
57990	CCM_E_INVALID_SMS_AUTHORITY	CCM_E_INVALID_SMS_AUTHORITY
57991	CCM_E_MISSING_SITE_SIGNING_CERT	CCM_E_MISSING_SITE_SIGNING_CERT
57992	Failures related to decompressing CIs/SDM packages	Failures related to decompressing CIs/SDM packages
58000	job contains no files, no action to perform	job contains no files, no action to perform
58001	Client doesn't have any assigned TS	Client doesn't have any assigned TS
58002	Client unable to compute Message Signature for InBand Auth	Client unable to compute Message Signature for InBand Auth
58003	Client unable to Refresh Site server signing certificate	Client unable to Refresh Site server signing certificate
58004	Client Unable to verify Policy	Client Unable to verify Policy
58005	Client Unable to find a valid Registration certificate	Client Unable to find a valid Registration certificate
58006	The client failed to process one or more CIs	The client failed to process one or more CIs
58007	CCM_E_INVALID_KEY	CCM_E_INVALID_KEY
58008	The client's database record could not be validated	The client's database record could not be validated
58009	The client does not recognize these type of signature (for delta download)	The client does not recognize these type of signature (for delta download)
58010	More client registration error	More client registration error
58012	The Client received a reset registration from Server	The Client received a reset registration from Server
58013	Client version is not compatible with the primary site version.	Client version is not compatible with the primary site version.
58014	CCM_E_HASH_MISMATCH	CCM_E_HASH_MISMATCH
59648	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_PENDING?	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_PENDING?
59649	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_UNEXPECTED?	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_UNEXPECTED?
59650	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_FAILURE?	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_FAILURE?
59651	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADALGORITHM?	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADALGORITHM?
59652	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADMESSAGE?	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADMESSAGE?
59653	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADTRANSACTION?	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADTRANSACTION?
59654	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADSIGNINGTIME?	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADSIGNINGTIME?
59655	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADCERTID?	?CCM_E_CERTENROLL_SCEP_CERTREQUEST_BADCERTID?
59656	?CCM_E_CERTENROLL_SCEP_SERVERCERT_EMPTY?	?CCM_E_CERTENROLL_SCEP_SERVERCERT_EMPTY?
59657	?CCM_E_CERTENROLL_SCEP_SERVERCAP_EMPTY?	?CCM_E_CERTENROLL_SCEP_SERVERCAP_EMPTY?
59664	?CCM_E_CERTENROLL_SCEP_PKIOPRESPONSE_EMPTY?	?CCM_E_CERTENROLL_SCEP_PKIOPRESPONSE_EMPTY?
59665	?CCM_E_CERTENROLL_SCEP_TPM_UNAVAILABLE?	?CCM_E_CERTENROLL_SCEP_TPM_UNAVAILABLE?
61440	An attempt was made to perform an operation when initialization has not yet been completed.	An attempt was made to perform an operation when initialization has not yet been completed.
61441	The input XML is improperly formatted.	The input XML is improperly formatted.
61442	The object already exists.	The object already exists.
61443	A calculation resulted in an integer overflow.	A calculation resulted in an integer overflow.
61444	A calculation resulted in an integer underflow.	A calculation resulted in an integer underflow.
61445	An attempted rollback has failed.	An attempted rollback has failed.
61446	A failure happens when CSP runs outproc.	A failure happens when CSP runs outproc.
61696	The session has been aborted.	The session has been aborted.
61698	Authentication of the server failed.	Authentication of the server failed.
61700	The user has chosen to reject management actions.	The user has chosen to reject management actions.
61701	An action was performed on a node with an unexpected type.	An action was performed on a node with an unexpected type.
61702	The user has chosen to cancel management actions.	The user has chosen to cancel management actions.
61703	The management command has been bypassed.	The management command has been bypassed.
61704	A dialog has timed out while awaiting user acknowledgement.	A dialog has timed out while awaiting user acknowledgement.
61705	Text to be displayed is too large.	Text to be displayed is too large.
61707	The push message data has some parsing error.	The push message data has some parsing error.
61709	Previous keep alive message is still being processed and server send down new commands.	Previous keep alive message is still being processed and server send down new commands.
61710	Processing results that span multiple messages.	Processing results that span multiple messages.
61711	Cannot find NGC Key to install the certificate to.	Cannot find NGC Key to install the certificate to.
61952	The OMA-DM server replied with a Status code value indicating an error for the client's SyncHdr	The OMA-DM server replied with a Status code value indicating an error for the client's SyncHdr
61953	The session has been aborted because a 407 response was received.	The session has been aborted because a 407 response was received.
61954	The session has been aborted due to user cancellation.	The session has been aborted due to user cancellation.
61956	The session has been aborted because the device is in roaming state and DM is not allowed in this case.	The session has been aborted because the device is in roaming state and DM is not allowed in this case.
61957	The session has been aborted because the HMAC provided by server didn't match with the message body.	The session has been aborted because the HMAC provided by server didn't match with the message body.
61958	The session has been aborted because the account is being deleted.	The session has been aborted because the account is being deleted.
61959	The session has been aborted because no more retry allowed.	The session has been aborted because no more retry allowed.
61960	The session has been aborted because zero-byte data response was received.	The session has been aborted because zero-byte data response was received.
61961	No more sync session allowed.	No more sync session allowed.
61962	The SSLCertCriteria is not valid.	The SSLCertCriteria is not valid.
62097	The session has been aborted because a 401 response was received.	The session has been aborted because a 401 response was received.
62099	The session has been aborted because a 403 response was received.	The session has been aborted because a 403 response was received.
62100	The session has been aborted because a 404 response was received.	The session has been aborted because a 404 response was received.
62109	The session has been aborted because a 413 response was received.	The session has been aborted because a 413 response was received.
62208	The current object is not ready for use.	The current object is not ready for use.
62209	Stream is not ready for use.	Stream is not ready for use.
62210	Data .	Data .
62211	Compression corrupted.	Compression corrupted.
62212	Name is not a valid filename.	Name is not a valid filename.
62213	There is no file by the specified name.	There is no file by the specified name.
62214	Uninstall file not found.	Uninstall file not found.
62215	File is unexpectedly readonly.	File is unexpectedly readonly.
62216	Zip archive is invalid.	Zip archive is invalid.
62217	Unsupported compression method	Unsupported compression method
62219	Invalid stream.	Invalid stream.
62220	Format is not supported.	Format is not supported.
62221	Invalid zip item.	Invalid zip item.
62223	Cannot load zlib dll.	Cannot load zlib dll.
62224	Cannot find expected exported method.	Cannot find expected exported method.

EXIF

File Name:	certutil.exe.mui
Directory:	%WINDIR%\WinSxS\amd64_microsoft-windows-certutil.resources_31bf3856ad364e35_10.0.15063.0_en-us_e136a61557009451\
File Size:	172 kB
File Permissions:	rw-rw-rw-
File Type:	Win32 DLL
File Type Extension:	dll
MIME Type:	application/octet-stream
Machine Type:	Intel 386 or later, and compatibles
Time Stamp:	0000:00:00 00:00:00
PE Type:	PE32
Linker Version:	14.10
Code Size:	0
Initialized Data Size:	175616
Uninitialized Data Size:	0
Entry Point:	0x0000
OS Version:	10.0
Image Version:	10.0
Subsystem Version:	6.0
Subsystem:	Windows GUI
File Version Number:	10.0.15063.0
Product Version Number:	10.0.15063.0
File Flags Mask:	0x003f
File Flags:	(none)
File OS:	Windows NT 32-bit
Object File Type:	Executable application
File Subtype:	0
Language Code:	English (U.S.)
Character Set:	Unicode
Company Name:	Microsoft Corporation
File Description:	CertUtil.exe
File Version:	10.0.15063.0 (WinBuild.160101.0800)
Internal Name:	CertUtil.exe
Legal Copyright:	© Microsoft Corporation. All rights reserved.
Original File Name:	CertUtil.exe.mui
Product Name:	Microsoft® Windows® Operating System
Product Version:	10.0.15063.0
Directory:	%WINDIR%\WinSxS\x86_microsoft-windows-certutil.resources_31bf3856ad364e35_10.0.15063.0_en-us_85180a919ea3231b\

What is certutil.exe.mui?

certutil.exe.mui is Multilingual User Interface resource file that contain English (U.S.) language for file certutil.exe (CertUtil.exe).

File version info

File Description:	CertUtil.exe
File Version:	10.0.15063.0 (WinBuild.160101.0800)
Company Name:	Microsoft Corporation
Internal Name:	CertUtil.exe
Legal Copyright:	© Microsoft Corporation. All rights reserved.
Original Filename:	CertUtil.exe.mui
Product Name:	Microsoft® Windows® Operating System
Product Version:	10.0.15063.0
Translation:	0x409, 1200

certutil.exe CertUtil.exe f2436cfb0e297f660b4809068ffcab26

File info

Translations messages and strings

EXIF

What is certutil.exe.mui?

File version info