Windows Server 2012 -- certutil, finding out what a cerificate is used for ?

I have the same issue https://community.spiceworks.com/topic/1989498-active-directory-certificate-authority-no-longer-exists talks about

How can I find out what a certificate was used for to determine if I need to make sure it still works since most of the items that were in the old domain I walked into (Exchange, SharePoint, etc) are no longer in use, therefore I might not need any SERVER "CA" certificates ?
finance_teacherAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
that is like saying I have a tool chest and I want to determine which tools to discard to clear up space.  the tool (certificate) doesn't determine who uses it all it knows is its intended purpose. (certificate properties)

Expired certificates can probably be removed since they are non functional.  If you have any certificates issued by symantec you will have to replace them using the digicert free replacement options.  Symantec lost their status as a certificate authority due to misconduct.  When I import a certificate I give it a meaningful name.
0
btanExec ConsultantCommented:
I dont think you will want to even use it if you do not has the private key. Nonetheless, here is one inspector tool which is used to scan for neglected certificate or similar. It scan a system and surface the cert more information.
Other Data Collected: Certificate Signature Algorithm, Common Name, Issuer Company, Key Algorithm, Key Size, Organization Name, Revocation Status, Self-signed, Serial Number
Subject Alternative Names (SANs), Thumbprint, Valid Dates, Validation Type

X.509 Extensions Examined: AIA Issuer Path URL, AIA OCSP URL, Basic Constraints, CRL Distribution Point, Extended Key Usage, Key Usage
https://www.digicert.com/cert-inspector-how-it-works.htm
Should go backer to the issuing CA and if the latter cease to exist, then better not use this cert...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Enterprise Certificate Authority

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.