Your network contains an enterprise root certification authority(CA).
You need to ensure that a certificate issued by the CA is valid.
What should you do?
A.
Run syskey.exe and use the Update option.
B.
Run sigverif.exe and use the Advanced option.
C.
Run certutil.exe and specify the -verify parameter.
D.
Run certreq.exe and specify the -retrieve parameter.
Explanation:
http://blogs.technet.com/b/pki/archive/2006/11/30/basic-crl-checking-with-certutil.aspx
Basic CRL checking with certutil
Certutil.exe is the command-line tool to verify certificates and CRLs. To get reliable verification results, you
must use certutil.exe because the Certificate MMC Snap-In does not verify the CRL of certificates. A certificate
might be wrongly shown in the MMC snap-in as valid but once you verify it with certutil.exe you will see that the
certificate is actually invalid.