New Post: Feature Request - Certificate Reporting

I'm not sure what do you mean under "easier capability", but certain things definitely are possible. CA database reporting is very wide question a lot of people have different requirements, so there are no exact cmdlets to make specific reports. However, the module provides generic CA database query cmdlets which you can use for your own needs. For example:

• List of certificates issued based upon template x between y and z (simply providing common name and SAN)

In this query CA database will return issued certificates that were issued during last month based on WebServer certificate template and which contains "www.company.com" name in the SAN extension.

• All issued certificates (not revoked) about to expire in June 201x. (common name and expiry date)

In this example CA database will return issued certificates that will expire in december 2015 (at any date between December 1 and December 31).

• All certificates revoked last year by Submitter X

Generally, you may need to perform manual research on what data and how it is stored in the CA database and then construct a desired query.

• Archived certificates and their corresponding KRA certificate(s)
  

this report can be constructed, but it is a bit complicated (in certain cases it could be almost impossible). First, there is "Request.RawArchivedKey" column, however it is Binary type and CA database engine doesn't support very good queries on binary columns. Therefore, the only way to query is to dump entire CA database (only issued certificates) and use PowerShell (Where-Object cmdlet) to filter out required rows.
Second, CA do not store KRA certificate information in clear way. You need to extract archived key (which is PKCS#7 blob) and only then you will be able to get KRA certificate that was used to encrypt the key.