First of all: Really nice work! Your module saved me a looooot of time!
While using it, I found a small bug:
If I try to use the Revoke-Certificate function with the -Unrevoke parameter I get an error stating "The Parameter is incorrect". Revoking with any other reason works fine.
Digging a bit into the code I found out that the error is caused by the method:
ICertAdmin2::RevokeCertificate(strConfig,strSerialNumber,Reason,Date).
Parameter reason is defined the following for unrevoke:
You can reinstate a certificate revoked with the CRL_REASON_CERTIFICATE_HOLD revocation reason code by calling RevokeCertificate with MAXDWORD as the Reason value. Note that if a certificate has been revoked with any reason code other than CRL_REASON_CERTIFICATE_HOLD, it cannot be reinstated.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa383251(v=vs.85).aspx
The function as it is provided by you calls this method with the parameter reason containing the number "2147483647".
Now, MAXDWORD resolves to 0xffffffff, and as I am working on a Server 2008 R2 / Server 2012 / Server 2012 R2, 0xffffffff resolves to -1.
So if I change 2147483647 to -1 in your Revoke-Certificate function, everything works fine:
```
$Reasons = @{"Unspecified"=0;"KeyCompromise"=1;"CACompromise"=2;"AffiliationChanged"=3;"Superseded"=4;
"CeaseOfOperation"=5;"Hold"=6;"ReleaseFromCRL"=8;"Unrevoke"=-1}
```
Would be nice if you could fix this in future version.
Keep up the good work!
Thanks,
Raphael
Comments: fixed in v3.0
While using it, I found a small bug:
If I try to use the Revoke-Certificate function with the -Unrevoke parameter I get an error stating "The Parameter is incorrect". Revoking with any other reason works fine.
Digging a bit into the code I found out that the error is caused by the method:
ICertAdmin2::RevokeCertificate(strConfig,strSerialNumber,Reason,Date).
Parameter reason is defined the following for unrevoke:
You can reinstate a certificate revoked with the CRL_REASON_CERTIFICATE_HOLD revocation reason code by calling RevokeCertificate with MAXDWORD as the Reason value. Note that if a certificate has been revoked with any reason code other than CRL_REASON_CERTIFICATE_HOLD, it cannot be reinstated.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa383251(v=vs.85).aspx
The function as it is provided by you calls this method with the parameter reason containing the number "2147483647".
Now, MAXDWORD resolves to 0xffffffff, and as I am working on a Server 2008 R2 / Server 2012 / Server 2012 R2, 0xffffffff resolves to -1.
So if I change 2147483647 to -1 in your Revoke-Certificate function, everything works fine:
```
$Reasons = @{"Unspecified"=0;"KeyCompromise"=1;"CACompromise"=2;"AffiliationChanged"=3;"Superseded"=4;
"CeaseOfOperation"=5;"Hold"=6;"ReleaseFromCRL"=8;"Unrevoke"=-1}
```
Would be nice if you could fix this in future version.
Keep up the good work!
Thanks,
Raphael
Comments: fixed in v3.0