certutil

view OCSP cache:
certutil -urlcache ocsp

view CRL cache:
certutil -urlcache crl

view both OCSP and CRL cache:
certutil -urlcache *

delete OCSP cache:
certutil -urlcache ocsp delete

delete CRL cache:
certutil -urlcache crl delete

delete “all” cache:
certutil -urlcache * delete

immediately invalidate all items from the cache:
certutil -setreg chain\ChainCacheResyncFiletime @now

invalidate the currently cached items in 2 day, 4 hours(sets a registry value to the current date and time plus 2 days and 4 hour), basically disables temporarily the cache until after now plus 2 days and 4 hours:
certutil -setreg chain\ChainCacheResyncFiletime @now+2:4

identify the last time that the cache was invalidated(displays registry value):
certutil -getreg chain\ChainCacheResyncFiletime

to delete a registry value:
certutil -delreg chain\ChainCacheResyncFiletime

Also the certutil command has an option(GUI) to verify the status of a certificate:
certutil -url ‘certificatefilename’

Additionally you can check the validity of a certificate
certutil -f –urlfetch -verify 'certificatefilename’

Backup Cert database
certutil –backupdb BackupDirectory

backup private key
certutil -f –backupkey BackupDirectory

determine the CSP and hash algorithm
certutil -getreg ca\csp\*

Disable web enrolment after uninstalling cert srv
certutil -vroot delete

Shutdown CA
certutil –shutdown

Find Database location
certutil -databaselocations

restore db
certutil –F –restoredb BackupDirectory

enable the use of version 2 and version 3 certificates on an upgraded enterprise CA
certutil -setreg ca\setupstatus +512

Resetting the CRL Publishing Period
certutil –delreg CA\CRLNextPublish
certutil –delreg CA\CRLDeltaNextPublish

Certificate database and log file location
%WINDIR%\system32\certlog and %WINDIR%\system32\certsrv