Jesper Nøhr jespernohr

## azcp-schedule.xml
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2016-10-21T07:41:00.0701441</Date>
    <Author>blog\awaii</Author>
    <Description>This command copies content from local folder d:\crl  to  Azure Storage blob account and saves a log file to local drive d:\logs
/XO
Excludes an older source resource. The resource will not be copied if the last modified time of the source is the same or older than destination.
Applicable to: Blobs, Files
/Y

## azcp
# This command copies content from local folder d:\crl to Azure Storage blob and saves a log file to local drive d:\logs
.\AzCopy.exe /Source:d:\crl /Dest:https://example.blob.core.windows.net/crl/ /DestKey:******== /Pattern:*.cr* /XO /Y /V:d:\logs\azcopy.log

## azcopy.ps1
# This command copies content from local folder d:\crl to Azure Storage blob and saves a log file to local drive d:\logs
.\AzCopy.exe /Source:d:\crl /Dest:https://example.blob.core.windows.net/crl/ /DestKey:******== /Pattern:*.cr* /XO /Y /V:d:\logs\azcopy.log

## cdp
$crllist = Get-CACrlDistributionPoint; foreach ($crl in $crllist) {Remove-CACrlDistributionPoint $crl.uri -Force};
Add-CACRLDistributionPoint -Uri E:\pki\%3%8%9.crl -PublishToServer -Force
Add-CACRLDistributionPoint -Uri http://pki.azureedge.net/%3%8%9.crl -AddToCertificateCDP -Force
$aialist = Get-CAAuthorityInformationAccess; foreach ($aia in $aialist) {Remove-CAAuthorityInformationAccess $aia.uri -Force};
Add-CAAuthorityInformationAccess -AddToCertificateAia http://pki.azureedge.net/%1_%3%4.crt -Force
Certutil -setreg CA\CRLPeriodUnits 2
Certutil -setreg CA\CRLPeriod "Weeks"
Certutil -setreg CA\CRLDeltaPeriodUnits 1
Certutil -setreg CA\CRLDeltaPeriod "Days"
Certutil -setreg CA\CRLOverlapPeriodUnits 12

## issuingca1
Certutil –installcert pki02.fabrikam.com_fabrikamIssuingCA.crt
start-service certsvc
copy c:\Windows\system32\certsrv\certenroll\*.cr* e:\pki\

## issuingca
Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCA -CACommonName "fabrikamIssuingCA" -KeyLength 2048 -HashAlgorithm SHA256 -CryptoProviderName "ECDSA_P256#Microsoft Software Key Storage Provider"

## CAPolicy.inf2
[Version]
Signature="$Windows NT$"
[PolicyStatementExtension]
Policies=InternalPolicy
[InternalPolicy]
OID= 1.2.3.4.1455.67.89.5
Notice="Legal Policy Statement"
URL=http://pki.azureedge.net/cps.txt
[Certsrv_Server]
RenewalKeyLength=2048

## pki-share
new-item -path E:\pki -type directory
write-output "This is a sample CPS. Modify as needed." | out-file E:\pki\cps.txt
new-smbshare -name pki E:\pki -FullAccess SYSTEM,"fabrikam\Domain Admins" -ChangeAccess "fabrikam\Cert Publishers"

## gist:06574afc62e47216f194010281fade8f
certutil –dspublish –f pki01_fabrikamRootCA.crt RootCA
certutil –addstore –f root pki01_fabrikamRootCA.crt
certutil –addstore –f root fabrikamRootCA.crl

## CRLverify.ps1
	Get-CACRLDistributionPoint | format-list
	<?xml version="1.0" encoding="UTF-16"?>
	<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
	<RegistrationInfo>
	<Date>2016-10-21T07:41:00.0701441</Date>
	<Author>blog\awaii</Author>
	<Description>This command copies content from local folder d:\crl to Azure Storage blob account and saves a log file to local drive d:\logs
	/XO
	Excludes an older source resource. The resource will not be copied if the last modified time of the source is the same or older than destination.
	Applicable to: Blobs, Files
	/Y
	# This command copies content from local folder d:\crl to Azure Storage blob and saves a log file to local drive d:\logs
	.\AzCopy.exe /Source:d:\crl /Dest:https://example.blob.core.windows.net/crl/ /DestKey:*****== /Pattern:.cr* /XO /Y /V:d:\logs\azcopy.log
	$crllist = Get-CACrlDistributionPoint; foreach ($crl in $crllist) {Remove-CACrlDistributionPoint $crl.uri -Force};
	Add-CACRLDistributionPoint -Uri E:\pki\%3%8%9.crl -PublishToServer -Force
	Add-CACRLDistributionPoint -Uri http://pki.azureedge.net/%3%8%9.crl -AddToCertificateCDP -Force
	$aialist = Get-CAAuthorityInformationAccess; foreach ($aia in $aialist) {Remove-CAAuthorityInformationAccess $aia.uri -Force};
	Add-CAAuthorityInformationAccess -AddToCertificateAia http://pki.azureedge.net/%1_%3%4.crt -Force
	Certutil -setreg CA\CRLPeriodUnits 2
	Certutil -setreg CA\CRLPeriod "Weeks"
	Certutil -setreg CA\CRLDeltaPeriodUnits 1
	Certutil -setreg CA\CRLDeltaPeriod "Days"
	Certutil -setreg CA\CRLOverlapPeriodUnits 12
	Certutil –installcert pki02.fabrikam.com_fabrikamIssuingCA.crt
	start-service certsvc
	copy c:\Windows\system32\certsrv\certenroll\.cr e:\pki\
	Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
	Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCA -CACommonName "fabrikamIssuingCA" -KeyLength 2048 -HashAlgorithm SHA256 -CryptoProviderName "ECDSA_P256#Microsoft Software Key Storage Provider"
	[Version]
	Signature="$Windows NT$"
	[PolicyStatementExtension]
	Policies=InternalPolicy
	[InternalPolicy]
	OID= 1.2.3.4.1455.67.89.5
	Notice="Legal Policy Statement"
	URL=http://pki.azureedge.net/cps.txt
	[Certsrv_Server]
	RenewalKeyLength=2048
	new-item -path E:\pki -type directory
	write-output "This is a sample CPS. Modify as needed." \| out-file E:\pki\cps.txt
	new-smbshare -name pki E:\pki -FullAccess SYSTEM,"fabrikam\Domain Admins" -ChangeAccess "fabrikam\Cert Publishers"
	certutil –dspublish –f pki01_fabrikamRootCA.crt RootCA
	certutil –addstore –f root pki01_fabrikamRootCA.crt
	certutil –addstore –f root fabrikamRootCA.crl