Skip to content

Root & Issuing CA Post Install batch files

Automate your Certificate Authority configuration with our pre-validated batch files. Ensure your Root and Sub-Issuing CAs are correctly configured post-installation with a single click.

Get in Touch Download Files
Encryption Assessment
Trusted By

Prerequisite to perform

Post Installation Configuration

When configuring AIA

The certutil command will be configuring a static file system location, a lightweight directory access path (LDAP) location, and http location for the AIA. Edit each path in regards for your system.

When configuring CDP

The certutil command will be configuring a static file system location, an LDAP location, an http location, and a file system location. Edit each path in regards for your system.

Publish Root CA Certificate & CRL

Run the following actions to publish the Root CA certificate and CRL correctly:

  • Save the Root CA certificate to a trusted location before distributing it.

  • Use certutil -dspublish to publish the Root CA certificate to Active Directory (for enterprise environments).

  • Copy the Root CA certificate to the AIA and CDP locations defined in the CA settings.

  • Ensure the CRL is generated and placed at the CRL Distribution Point path.

  • Validate the URL paths to confirm accessibility for external clients.

*Batch file handles: Certificate publishing, CRL generation, and URL verification tasks for you.

ROI with CertSecure

Disclaimer

The provided batch files are for post-installation use only. Ensure your CA is installed and initialized before executing these scripts. Misuse or incorrect execution can result in misconfiguration of your PKI setup.

Root and Issuing CA Post

Install Batch Files

These batch files automate the key configuration steps for both Root and Sub-Issuing Certificate Authorities after installation.

Root CA Batch File Includes:

Setting AIA and CDP locations in the registry.

Publishing the Root CA certificate and CRL.

Copying the Root CA certificate and CRL to predefined folders.

Running certutil commands for publishing and verification.

Sub-Issuing CA Batch File Includes:

Updating CRL and AIA paths.

Setting the registry keys for renewal overlap.

Publishing CRLs to HTTP-based CDP locations.

Enabling Delta CRL configurations if applicable.

These scripts are pre-validated for Windows Server-based CA setups and follow best practices recommended by Microsoft and industry compliance standards.

Need help customizing the batch files for your organization’s unique PKI structure? Reach out to our experts for tailored guidance.








    Let's Connect!

    Reach out today and let us help you strengthen your data protection strategy.

    Contact Us