PKIDiag is a utility designed to diagnose and fix Certificate Server objects. PKIDiag can be used to do the following:
Rename or move server-related objects so that they conform to the correct naming and containment scheme if a server has been moved.
Create required objects if they do not exist.
Grant the necessary rights between objects.
Link objects if they are not linked.
Create the SSL CertificateIP and the SSL CertificateDNS certificates if they do not exist.
Fix the SSL CertificateIP and the SSL CertificateDNS certificates if either has an incorrect name, is out of date, or is close to expiring.
To load PKIDiag, at a server prompt type
Load PKIDiag
To see a list of command line options, at a server prompt type
Load PKIDiag /?
The functionality of PKIDiag is used by two other processes, the server auto health check and the Create Default Certificate task in iManager.
The server auto health check is run whenever a server is restarted or whenever DSREPAIR is run. Create Default Certificate is a process you use to replace the default certificates created when you install Certificate Server. See Section 4.2.2, Creating Default Server Certificate Objects for more information.
See TID #3640106 for more information about PKIDiag and how it can be used.