The following is an example: certutil –v –store my. This command dumps the certificate information to the screen.
The following are the meanings of the various KeySpec values:
| Keyspec value | Means | Recommended AD FS use |
|---|---|---|
0 | The certificate is a CNG cert | SSL certificate only |
1 | For a legacy CAPI (non-CNG) cert, the key can be used for signing and decryption | SSL, token signing, token decrypting, service communication certificates |
2 | For a legacy CAPI (non-CNG) cert, the key can be used only for signing | not recommended |
