Best crl dating table of contents

best crl dating table of contents

Every digital certificate contains an expiration date. The expiration date is often set at one, two or three years from the date of issuance but is determined when the certificate is issued. Because a certificate that has expired is no longer valid, the subject or server using that certificate must acquire a new one. There are reasons, however, that a certificate may need to be invalidated prior to its expiration date 3.4.4. Viewing the contents of a CRL. Sally!Vandeven,!sallyvdv@gmail.com! ! Digital Certificate Revocation 14! !. Table 2 shows which revocation related features are supported and categorized by browser and platform. According to this table, the Chrome browser does not check revocation by default.

best crl dating table of contents

certutil • 10/16/2017 • 36 minutes to read • Contributors • • • • • In this article Certutil.exe is a command-line program that is installed as part of Certificate Services.

You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.

When certutil is run on a certification authority without additional parameters, it displays the current certification authority configuration. When cerutil is run on a non-certification authority, the command defaults to running the certutil verb. Warning Earlier versions of certutil may not provide all of the options that are described in this document.

You can see all the options that a specific version of certutil provides by running the commands shown in the section. Menu The major sections in this document are: • • • • Verbs The following table describes the verbs that can be used with the certutil command.

Verbs Description Dump configuration information or files Parse ASN.1 file Decode hexadecimal-encoded file Decode a Base64-encoded file Encode a file to Base64 Deny a pending certificate request Resubmit a pending certificate request Set attributes for a pending certificate request Set an extension for a pending certificate request Revoke a certificate Display the disposition of the current certificate Get the default configuration string Attempt to contact the Active Directory Certificate Services Request interface -pingadmin Attempt to contact the Active Directory Certificate Services Admin interface Display information about the certification authority Retrieve the certificate for the certification authority Retrieve the certificate chain for the certification authority Get a certificate revocation list (CRL) Publish new certificate revocation lists (CRLs) [or only delta CRLs] Shutdown Active Directory Certificate Services Install a certification authority certificate Renew a certification authority certificate Dump the schema for the certificate Dump the certificate view Dump the raw database Delete a row from the server database Backup Active Directory Certificate Services Backup the Active Directory Certificate Services database Backup the Active Directory Certificate Services certificate and private key Restore Active Directory Certificate Services Restore the Active Directory Certificate Services database Restore the Active Directory Certificate Services certificate and private key Import certificate and private key Display a dynamic file list Display database locations Generate and display a cryptographic hash over a file Dump the certificate store Add a certificate to the store Delete a certificate from the store Verify a certificate in the store Repair a key association or update certificate properties or the key security descriptor Dump the certificates store Delete a certificate from the store Publish a certificate or certificate revocation list (CRL) to Active Directory Display AD templates Display certificate templates Display the certification authorities (CAs) for a certificate template Display templates for CA Manage Site Names for CAs Display, add or delete enrollment server URLs associated with a CA Display AD CAs Display Enrollment Policy CAs Display Enrollment Policy Display or delete Enrollment Policy Cache entries Display, add or delete Credential Store entries Install default certificate templates Display or delete URL cache entries Pulse auto enrollment events Display information about the Active Directory machine object Display information about the domain controller Display information about an enterprise CA Display information about the CA Display information about the smart card Manage smart card root certificates Verify a public or private key set Verify a certificate, certificate revocation list (CRL), or certificate chain Verify AuthRoot or Disallowed Certificates CTL Re-sign a certificate revocation list (CRL) or certificate Create or delete web virtual roots and file shares Create or delete web virtual roots for an OCSP web proxy Add an Enrollment Server application Delete an Enrollment Server application Add a Policy Server application Delete a Policy Server application Display the object identifier or set a display name Display the message text associated with an error code Display a registry value Set a registry value Delete a registry value Import user keys and certificates into the server database for key archival Import a certificate file into the database Retrieve an archived private key recovery blob Recover an archived private key Merge PFX files Convert a PFX file into an EPF file -?

Displays the list of verbs - -? Displays help for the verb specified. -? -v Displays a full list of verbs and Return to Syntax notations • For basic command line syntax, run certutil -? • For the syntax on using certutil with a specific verb, run certutil -? • To send all of the certutil syntax into a text file, run the following commands: • certutil -v -? > certutilhelp.txt • notepad certutilhelp.txt The following table describes the notation used to indicate command-line syntax.

Notation Description Text without brackets or braces Items you must type as shown Placeholder for which you must supply a value [Text inside square brackets] Optional items {Text inside braces} Set of required items; choose one Vertical bar ( ) Ellipsis (…) Items that can be repeated Return to -dump CertUtil [Options] [-dump] CertUtil [Options] [-dump] File Dump configuration information or files [-f] [-silent] [-split] [-p Password] [-t Timeout] Return to -asn CertUtil [Options] -asn File [type] Parse ASN.1 file type: numeric CRYPT_STRING_* decoding type Return to -decodehex CertUtil [Options] -decodehex InFile OutFile [type] type: numeric CRYPT_STRING_* encoding type [-f] Return to -decode CertUtil [Options] -decode InFile OutFile Decode Base64-encoded file [-f] Return to -encode CertUtil [Options] -encode InFile OutFile Encode file to Base64 [-f] [-UnicodeText] Return to -deny CertUtil [Options] -deny RequestId Deny pending request [-config Machine\CAName] Return to -resubmit CertUtil [Options] -resubmit RequestId Resubmit pending request [-config Machine\CAName] Return to -setattributes CertUtil [Options] -setattributes RequestId AttributeString Set attributes for pending request RequestId -- numeric Request Id of pending request AttributeString -- Request Attribute name and value pairs • Names and values are colon separated.

• Multiple name, value pairs are newline separated. • Example: "CertificateTemplate:User\nEMail:User@Domain.com" • Each "\n" sequence is converted to a newline separator. [-config Machine\CAName] Return to -setextension CertUtil [Options] -setextension RequestId ExtensionName Flags {Long | Date | String | @InFile} Set extension for pending request RequestId -- numeric Request Id of a pending request ExtensionName -- ObjectId string of the extension Flags -- 0 is recommended.

1 makes the extension critical, 2 disables it, 3 does both. If the last parameter is numeric, it is taken as a Long. If it can be parsed as a date, it is taken as a Date.

If it starts with '@', the rest of the token is the filename containing binary data or an ascii-text hex dump. Anything else is taken as a String. [-config Machine\CAName] Return to -revoke CertUtil [Options] -revoke SerialNumber [Reason] Revoke Certificate SerialNumber: Comma separated list of certificate serial numbers to revoke Reason: numeric or symbolic revocation reason • 0: CRL_REASON_UNSPECIFIED: Unspecified (default) • 1: CRL_REASON_KEY_COMPROMISE: Key Compromise • 2: CRL_REASON_CA_COMPROMISE: CA Compromise • 3: CRL_REASON_AFFILIATION_CHANGED: Affiliation Changed • 4: CRL_REASON_SUPERSEDED: Superseded • 5: CRL_REASON_CESSATION_OF_OPERATION: Cessation of Operation • 6: CRL_REASON_CERTIFICATE_HOLD: Certificate Hold • 8: CRL_REASON_REMOVE_FROM_CRL: Remove From CRL • -1: Unrevoke: Unrevoke [-config Machine\CAName] Return to -isvalid CertUtil [Options] -isvalid SerialNumber | CertHash Display current certificate disposition [-config Machine\CAName] Return to -getconfig CertUtil [Options] -getconfig Get default configuration string [-config Machine\CAName] Return to -ping CertUtil [Options] -ping [MaxSecondsToWait | CAMachineList] Ping Active Directory Certificate Services Request interface CAMachineList -- Comma-separated CA machine name list • For a single machine, use a terminating comma • Displays the site cost for each CA machine [-config Machine\CAName] Return to -CAInfo CertUtil [Options] -CAInfo [InfoName [Index | ErrorCode]] Display CA Information InfoName -- indicates the CA property to display (see below).

Use "*" for all properties. Index -- optional zero-based property index ErrorCode -- numeric error code [-f] [-split] [-config Machine\CAName] InfoName argument syntax: • file: File version • product: Product version • exitcount: Exit module count • exit [Index]: Exit module description • policy: Policy module description • name: CA name • sanitizedname: Sanitized CA name • dsname: Sanitized CA short name (DS name) • sharedfolder: Shared folder • error1 ErrorCode: Error message text • error2 ErrorCode: Error message text and error code • type: CA type • info: CA info • parent: Parent CA • certcount: CA cert count • xchgcount: CA exchange cert count • kracount: KRA cert count • kraused: KRA cert used count • propidmax: Maximum CA PropId • certstate [Index]: CA cert • certversion [Index]: CA cert version • certstatuscode [Index]: CA cert verify status • crlstate [Index]: CRL • krastate [Index]: KRA cert • crossstate+ [Index]: Forward cross cert • crossstate- [Index]: Backward cross cert • cert [Index]: CA cert • certchain [Index]: CA cert chain • certcrlchain [Index]: CA cert chain with CRLs • xchg [Index]: CA exchange cert • xchgchain [Index]: CA exchange cert chain • xchgcrlchain [Index]: CA exchange cert chain with CRLs • kra [Index]: KRA cert • cross+ [Index]: Forward cross cert • cross- [Index]: Backward cross cert • CRL [Index]: Base CRL • deltacrl [Index]: Delta CRL • crlstatus [Index]: CRL Publish Status • deltacrlstatus [Index]: Delta CRL Publish Status • dns: DNS Name • role: Role Separation • ads: Advanced Server • templates: Templates • ocsp [Index]: OCSP URLs • aia [Index]: AIA URLs • cdp [Index]: CDP URLs • localename: CA locale name • subjecttemplateoids: Subject Template OIDs Return to -ca.cert CertUtil [Options] -ca.cert OutCACertFile [Index] Retrieve the CA's certificate OutCACertFile: output file Index: CA certificate renewal index (defaults to most recent) [-f] [-split] [-config Machine\CAName] Return to -ca.chain CertUtil [Options] -ca.chain OutCACertChainFile [Index] Retrieve the CA's certificate chain OutCACertChainFile: output file Index: CA certificate renewal index (defaults to most recent) [-f] [-split] [-config Machine\CAName] Return to -GetCRL CertUtil [Options] -GetCRL OutFile [Index] [delta] Get CRL Index: CRL index or key index (defaults to CRL for newest key) delta: delta CRL (default is base CRL) [-f] [-split] [-config Machine\CAName] Return to -CRL CertUtil [Options] -CRL [dd:hh | republish] [delta] Publish new CRLs [or delta CRLs only] dd:hh -- new CRL validity period in days and hours republish -- republish most recent CRLs delta -- delta CRLs only (default is base and delta CRLs) [-split] [-config Machine\CAName] Return to -shutdown CertUtil [Options] -shutdown Shutdown Active Directory Certificate Services [-config Machine\CAName] Return to -installCert CertUtil [Options] -installCert [CACertFile] Install Certification Authority certificate [-f] [-silent] [-config Machine\CAName] Return to -renewCert CertUtil [Options] -renewCert [ReuseKeys] [Machine\ParentCAName] Renew Certification Authority certificate Use -f to ignore an outstanding renewal request, and generate a new request.

[-f] [-silent] [-config Machine\CAName] Return to -schema CertUtil [Options] -schema [Ext | Attrib | CRL] Dump Certificate Schema Defaults to Request and Certificate table Ext: Extension table Attrib: Attribute table CRL: CRL table [-split] [-config Machine\CAName] Return to -view CertUtil [Options] -view [Queue | Log | LogFail | Revoked | Ext | Attrib | CRL] [csv] Dump Certificate View Queue: Request queue Log: Issued or revoked certificates, plus failed requests LogFail: Failed requests Revoked: Revoked certificates Ext: Extension table Attrib: Attribute table CRL: CRL table csv: Output as Comma Separated Values To display the StatusCode column for all entries: -out StatusCode To display all columns for the last entry: -restrict "RequestId==$" To display RequestId and Disposition for three requests: -restrict "RequestId>=37,RequestId 1.

If a domain is not specified and a specific domain controller is not specified, this option returns a list of domain controllers to process from the default domain controller.> 2. If a domain is not specified, but a domain controller is specified, a report of the certificates on the specified domain controller is generated. > 3. If a domain is specified, but a domain controller is not specified, a list of domain controllers is generated along with reports on the certificates for each domain controller in the list.> 4.

If the domain and domain controller are specified, a list of domain controllers is generated from the targeted domain controller. A report of the certificates for each domain controller in the list is also generated.

For example, assume there is a domain named CPANDL with a domain controller named CPANDL-DC1. You could run the following command to a retrieve a list of domain controllers and their certificates that from CPANDL-DC1: certutil -dc cpandl-dc1 -dcinfo cpandl Return to -EntInfo CertUtil [Options] -EntInfo DomainName\MachineName$ [-f] [-user] Return to -TCAInfo CertUtil [Options] -TCAInfo [DomainDN | -] Display CA information [-f] [-enterprise] [-user] [-urlfetch] [-dc DCName] [-t Timeout] Return to -SCInfo CertUtil [Options] -SCInfo [ReaderName [CRYPT_DELETEKEYSET]] Display smart card information CRYPT_DELETEKEYSET: Delete all keys on the smart card [-silent] [-split] [-urlfetch] [-t Timeout] Return to -SCRoots CertUtil [Options] -SCRoots update [+][InputRootFile] [ReaderName] CertUtil [Options] -SCRoots save @OutputRootFile [ReaderName] CertUtil [Options] -SCRoots view [InputRootFile | ReaderName] CertUtil [Options] -SCRoots delete [ReaderName] Manage smart card root certificates [-f] [-split] [-p Password] Return to -verifykeys CertUtil [Options] -verifykeys [KeyContainerName CACertFile] Verify public/private key set KeyContainerName: key container name of the key to verify.

Defaults to machine keys. Use -user for user keys. CACertFile: signing or encryption certificate file If no arguments are specified, each signing CA cert is verified against its private key. This operation can only be performed against a local CA or local keys.

[-f] [-user] [-silent] [-config Machine\CAName] Return to -verify CertUtil [Options] -verify CertFile [ApplicationPolicyList | - [IssuancePolicyList]] CertUtil [Options] -verify CertFile [CACertFile [CrossedCACertFile]] CertUtil [Options] -verify CRLFile CACertFile [IssuedCertFile] CertUtil [Options] -verify CRLFile CACertFile [DeltaCRLFile] Verify certificate, CRL or chain CertFile: Certificate to verify ApplicationPolicyList: optional comma separated list of required Application Policy ObjectIds IssuancePolicyList: optional comma separated list of required Issuance Policy ObjectIds CACertFile: optional issuing CA certificate to verify against CrossedCACertFile: optional certificate cross-certified by CertFile CRLFile: CRL to verify IssuedCertFile: optional issued certificate covered by CRLFile DeltaCRLFile: optional delta CRL If ApplicationPolicyList is specified, chain building is restricted to chains valid for the specified Application Policies.

If IssuancePolicyList is specified, chain building is restricted to chains valid for the specified Issuance Policies.

If CACertFile is specified, fields in CACertFile are verified against CertFile or CRLFile. If CACertFile is not specified, CertFile is used to build and verify a full chain. If CACertFile and CrossedCACertFile are both specified, fields in CACertFile and CrossedCACertFile are verified against CertFile.

If IssuedCertFile is specified, fields in IssuedCertFile are verified against CRLFile. If DeltaCRLFile is specified, fields in DeltaCRLFile are verified against CRLFile.

[-f] [-enterprise] [-user] [-silent] [-split] [-urlfetch] [-t Timeout] Return to -verifyCTL CertUtil [Options] -verifyCTL CTLObject [CertDir] [CertFile] Verify AuthRoot or Disallowed Certificates CTL CTLObject: Identifies the CTL to verify: • AuthRootWU: read AuthRoot CAB and matching certificates from the URL cache.

Use -f to download from Windows Update instead. • DisallowedWU: read Disallowed Certificates CAB and disallowed certificate store file from the URL cache.

Use -f to download from Windows Update instead. • AuthRoot: read registry cached AuthRoot CTL. Use with -f and a CertFile that is not already trusted to force updating the registry cached AuthRoot and Disallowed Certificate CTLs.

• Disallowed: read registry cached Disallowed Certificates CTL. -f has the same behavior as with AuthRoot. • CTLFileName: file or http: path to CTL or CAB CertDir: folder containing certificates matching CTL entries.

An http: folder path must end with a path separator. If a folder is not specified with AuthRoot or Disallowed, multiple locations will be searched for matching certificates: local certificate stores, crypt32.dll resources and the local URL cache. Use -f to download from Windows Update when necessary. Otherwise defaults to the same folder or web site as the CTLObject. CertFile: file containing certificate(s) to verify. Certificates will be matched against CTL entries, and match results displayed.

Suppresses most of the default output. [-f] [-user] [-split] Return to -sign CertUtil [Options] -sign InFileList|SerialNumber|CRL OutFileList [StartDate+dd:hh] [+SerialNumberList | -SerialNumberList | -ObjectIdList | @ExtensionFile] CertUtil [Options] -sign InFileList|SerialNumber|CRL OutFileList [#HashAlgorithm] [+AlternateSignatureAlgorithm | -AlternateSignatureAlgorithm] Re-sign CRL or certificate InFileList: comma separated list of Certificate or CRL files to modify and re-sign SerialNumber: Serial number of certificate to create.

Validity period and other options must not be present. CRL: Create an empty CRL. Validity period and other options must not be present. OutFileList: comma separated list of modified Certificate or CRL output files. The number of files must match InFileList. StartDate+dd:hh: new validity period: optional date plus; optional days and hours validity period; If both are specified, use a plus sign (+) separator. Use "now[+dd:hh]" to start at the current time. Use "never" to have no expiration date (for CRLs only).

SerialNumberList: comma separated serial number list to add or remove ObjectIdList: comma separated extension ObjectId list to remove @ExtensionFile: INF file containing extensions to update or remove: [Extensions] 2.5.29.31 = ; Remove CRL Distribution Points extension 2.5.29.15 = "{hex}" ; Update Key Usage extension _continue_="03 02 01 86" HashAlgorithm: Name of the hash algorithm preceded by a # sign AlternateSignatureAlgorithm: alternate Signature algorithm specifier A minus sign causes serial numbers and extensions to be removed.

A plus sign causes serial numbers to be added to a CRL. When removing items from a CRL, the list may contain both serial numbers and ObjectIds. A minus sign before AlternateSignatureAlgorithm causes the legacy signature format to be used. A plus sign before AlternateSignatureAlgorithm causes the alternature signature format to be used.

If AlternateSignatureAlgorithm is not specified then the signature format in the certificate or CRL is used. [-nullsign] [-f] [-silent] [-Cert CertId] Return to -vroot CertUtil [Options] -vroot [delete] Create/delete web virtual roots and file shares Return to -vocsproot CertUtil [Options] -vocsproot [delete] Create/delete web virtual roots for OCSP web proxy Return to -addEnrollmentServer CertUtil [Options] -addEnrollmentServer Kerberos | UserName | ClientCertificate [AllowRenewalsOnly] [AllowKeyBasedRenewal] Add an Enrollment Server application Add an Enrollment Server application and application pool if necessary, for the specified CA.

This command does not install binaries or packages. One of the following authentication methods with which the client connects to a Certificate Enrollment Server. • Kerberos: Use Kerberos SSL credentials • UserName: Use named account for SSL credentials • ClientCertificate: Use X.509 Certificate SSL credentials • AllowRenewalsOnly: Only renewal requests can be submitted to this CA via this URL • AllowKeyBasedRenewal -- Allows use of a certificate that has no associated account in the AD.

This applies only with ClientCertificate and AllowRenewalsOnly mode. [-config Machine\CAName] Return to -deleteEnrollmentServer CertUtil [Options] -deleteEnrollmentServer Kerberos | UserName | ClientCertificate Delete an Enrollment Server application Delete an Enrollment Server application and application pool if necessary, for the specified CA.

This command does not remove binaries or packages. One of the following authentication methods with which the client connects to a Certificate Enrollment Server. • Kerberos: Use Kerberos SSL credentials • UserName: Use named account for SSL credentials • ClientCertificate: Use X.509 Certificate SSL credentials [-config Machine\CAName] Return to -addPolicyServer CertUtil [Options] -addPolicyServer Kerberos | UserName | ClientCertificate [KeyBasedRenewal] Add a Policy Server application Add a Policy Server application and application pool if necessary.

This command does not install binaries or packages. One of the following authentication methods with which the client connects to a Certificate Policy Server: • Kerberos: Use Kerberos SSL credentials • UserName: Use named account for SSL credentials • ClientCertificate: Use X.509 Certificate SSL credentials • KeyBasedRenewal: Only policies that contain KeyBasedRenewal templates are returned to the client. This flag applies only for UserName and ClientCertificate authentication.

Return to -deletePolicyServer CertUtil [Options] -deletePolicyServer Kerberos | UserName | ClientCertificate [KeyBasedRenewal] Delete a Policy Server application Delete a Policy Server application and application pool if necessary. This command does not remove binaries or packages. One of the following authentication methods with which the client connects to a Certificate Policy Server: • Kerberos: Use Kerberos SSL credentials • UserName: Use named account for SSL credentials • ClientCertificate: Use X.509 Certificate SSL credentials • KeyBasedRenewal: KeyBasedRenewal policy server Return to -oid CertUtil [Options] -oid ObjectId [DisplayName | delete [LanguageId [Type]]] CertUtil [Options] -oid GroupId CertUtil [Options] -oid AlgId | AlgorithmName [GroupId] Display ObjectId or set display name • ObjectId -- ObjectId to display or to add display name • GroupId -- decimal GroupId number for ObjectIds to enumerate • AlgId -- hexadecimal AlgId for ObjectId to look up • AlgorithmName -- Algorithm Name for ObjectId to look up • DisplayName -- Display Name to store in DS • delete -- delete display name • LanguageId -- Language Id (defaults to current: 1033) • Type -- DS object type to create: 1 for Template (default), 2 for Issuance Policy, 3 for Application Policy • Use -f to create DS object.

[-f] Return to -error CertUtil [Options] -error ErrorCode Display error code message text Return to -getreg CertUtil [Options] -getreg [{ca|restore|policy|exit|template|enroll|chain|PolicyServers}[ProgId]][RegistryValueName] Display registry value ca: Use CA's registry key restore: Use CA's restore registry key policy: Use policy module's registry key exit: Use first exit module's registry key template: Use template registry key (use -user for user templates) enroll: Use enrollment registry key (use -user for user context) chain: Use chain configuration registry key PolicyServers: Use Policy Servers registry key ProgId: Use policy or exit module's ProgId (registry subkey name) RegistryValueName: registry value name (use "Name*" to prefix match) Value: new numeric, string or date registry value or filename.

If a numeric value starts with "+" or "-", the bits specified in the new value are set or cleared in the existing registry value. If a string value starts with "+" or "-", and the existing value is a REG_MULTI_SZ value, the string is added to or removed from the existing registry value.

To force creation of a REG_MULTI_SZ value, add a "\n" to the end of the string value. If the value starts with "@", the rest of the value is the name of the file containing the hexadecimal text representation of a binary value. If it does not refer to a valid file, it is instead parsed as [Date][+|-][dd:hh] -- an optional date plus or minus optional days and hours. If both are specified, use a plus sign (+) or minus sign (-) separator. Use "now+dd:hh" for a date relative to the current time.

Use "chain\ChainCacheResyncFiletime @now" to effectively flush cached CRLs. [-f] [-user] [-GroupPolicy] [-config Machine\CAName] Return to -setreg CertUtil [Options] -setreg [{ca|restore|policy|exit|template|enroll|chain|PolicyServers}[ProgId]]RegistryValueName Value Set registry value ca: Use CA's registry key restore: Use CA's restore registry key policy: Use policy module's registry key exit: Use first exit module's registry key template: Use template registry key (use -user for user templates) enroll: Use enrollment registry key (use -user for user context) chain: Use chain configuration registry key PolicyServers: Use Policy Servers registry key ProgId: Use policy or exit module's ProgId (registry subkey name) RegistryValueName: registry value name (use "Name*" to prefix match) Value: new numeric, string or date registry value or filename.

If a numeric value starts with "+" or "-", the bits specified in the new value are set or cleared in the existing registry value. If a string value starts with "+" or "-", and the existing value is a REG_MULTI_SZ value, the string is added to or removed from the existing registry value. To force creation of a REG_MULTI_SZ value, add a "\n" to the end of the string value. If the value starts with "@", the rest of the value is the name of the file containing the hexadecimal text representation of a binary value.

If it does not refer to a valid file, it is instead parsed as [Date][+|-][dd:hh] -- an optional date plus or minus optional days and hours. If both are specified, use a plus sign (+) or minus sign (-) separator. Use "now+dd:hh" for a date relative to the current time. Use "chain\ChainCacheResyncFiletime @now" to effectively flush cached CRLs. [-f] [-user] [-GroupPolicy] [-config Machine\CAName] Return to -delreg CertUtil [Options] -delreg [{ca|restore|policy|exit|template|enroll|chain|PolicyServers}[ProgId]][RegistryValueName] Delete registry value ca: Use CA's registry key restore: Use CA's restore registry key policy: Use policy module's registry key exit: Use first exit module's registry key template: Use template registry key (use -user for user templates) enroll: Use enrollment registry key (use -user for user context) chain: Use chain configuration registry key PolicyServers: Use Policy Servers registry key ProgId: Use policy or exit module's ProgId (registry subkey name) RegistryValueName: registry value name (use "Name*" to prefix match) Value: new numeric, string or date registry value or filename.

If a numeric value starts with "+" or "-", the bits specified in the new value are set or cleared in the existing registry value. If a string value starts with "+" or "-", and the existing value is a REG_MULTI_SZ value, the string is added to or removed from the existing registry value. To force creation of a REG_MULTI_SZ value, add a "\n" to the end of the string value.

If the value starts with "@", the rest of the value is the name of the file containing the hexadecimal text representation of a binary value. If it does not refer to a valid file, it is instead parsed as [Date][+|-][dd:hh] -- an optional date plus or minus optional days and hours.

If both are specified, use a plus sign (+) or minus sign (-) separator. Use "now+dd:hh" for a date relative to the current time. Use "chain\ChainCacheResyncFiletime @now" to effectively flush cached CRLs. [-f] [-user] [-GroupPolicy] [-config Machine\CAName] Return to -ImportKMS CertUtil [Options] -ImportKMS UserKeyAndCertFile [CertId] Import user keys and certificates into server database for key archival UserKeyAndCertFile -- Data file containing user private keys and certificates to be archived.

This can be any of the following: • Exchange Key Management Server (KMS) export file • PFX file CertId: KMS export file decryption certificate match token.

See . Use -f to import certificates not issued by the CA. [-f] [-silent] [-split] [-config Machine\CAName] [-p Password] [-symkeyalg SymmetricKeyAlgorithm[,KeyLength]] Return to -ImportCert CertUtil [Options] -ImportCert Certfile [ExistingRow] Import a certificate file into the database Use ExistingRow to import the certificate in place of a pending request for the same key.

Use -f to import certificates not issued by the CA. The CA may also need to be configured to support foreign certificate import: certutil -setreg ca\KRAFlags +KRAF_ENABLEFOREIGN [-f] [-config Machine\CAName] Return to -GetKey CertUtil [Options] -GetKey SearchToken [RecoveryBlobOutFile] CertUtil [Options] -GetKey SearchToken script OutputScriptFile CertUtil [Options] -GetKey SearchToken retrieve | recover OutputFileBaseName Retrieve archived private key recovery blob, generate a recovery script, or recover archived keys script: generate a script to retrieve and recover keys (default behavior if multiple matching recovery candidates are found, or if the output file is not specified).

retrieve: retrieve one or more Key Recovery Blobs (default behavior if exactly one matching recovery candidate is found, and if the output file is specified) recover: retrieve and recover private keys in one step (requires Key Recovery Agent certificates and private keys) SearchToken: Used to select the keys and certificates to be recovered.

Can be any of the following: • Certificate Common Name • Certificate Serial Number • Certificate SHA-1 hash (thumbprint) • Certificate KeyId SHA-1 hash (Subject Key Identifier) • Requester Name (domain\user) • UPN (user@domain) RecoveryBlobOutFile: output file containing a certificate chain and an associated private key, still encrypted to one or more Key Recovery Agent certificates.

OutputScriptFile: output file containing a batch script to retrieve and recover private keys. OutputFileBaseName: output file base name. For retrieve, any extension is truncated and a certificate-specific string and the .rec extension are appended for each key recovery blob. Each file contains a certificate chain and an associated private key, still encrypted to one or more Key Recovery Agent certificates.

For recover, any extension is truncated and the .p12 extension is appended. Contains the recovered certificate chains and associated private keys, stored as a PFX file. [-f] [-UnicodeText] [-silent] [-config Machine\CAName] [-p Password] [-ProtectTo SAMNameAndSIDList] [-csp Provider] Return to -RecoverKey CertUtil [Options] -RecoverKey RecoveryBlobInFile [PFXOutFile [RecipientIndex]] Recover archived private key [-f] [-user] [-silent] [-split] [-p Password] [-ProtectTo SAMNameAndSIDList] [-csp Provider] [-t Timeout] Return to -MergePFX CertUtil [Options] -MergePFX PFXInFileList PFXOutFile [ExtendedProperties] PFXInFileList: Comma separated PFX input file list PFXOutFile: PFX output file ExtendedProperties: Include extended properties The password specified on the command line is a comma separated password list.

If more than one password is specified, the last password is used for the output file. If only one password is provided or if the last password is "*", the user will be prompted for the output file password. [-f] [-user] [-split] [-p Password] [-ProtectTo SAMNameAndSIDList] [-csp Provider] Return to -ConvertEPF CertUtil [Options] -ConvertEPF PFXInFileList EPFOutFile [cast | cast-] [V3CACertId][,Salt] Convert PFX files to EPF file PFXInFileList: Comma separated PFX input file list EPF: EPF output file cast: Use CAST 64 encryption cast-: Use CAST 64 encryption (export) V3CACertId: V3 CA Certificate match token.

See CertId description. Salt: EPF output file salt string The password specified on the command line is a comma separated password list. If more than one password is specified, the last password is used for the output file. If only one password is provided or if the last password is "*", the user will be prompted for the output file password. [-f] [-silent] [-split] [-dc DCName] [-p Password] [-csp Provider] Return to Options This section defines the options that you can specify with the command.

Options Description -nullsign Use hash of data as signature -f Force overwrite -enterprise Use local machine Enterprise registry certificate store -user Use HKEY_CURRENT_USER keys or certificate store -GroupPolicy Use Group Policy certificate store -ut Display user templates -mt Display machine templates -Unicode Write redirected output in Unicode -UnicodeText Write output file in Unicode -gmt Display times as GMT -seconds Display times with seconds and milliseconds -silent Use silent flag to acquire crypt context -split Split embedded ASN.1 elements, and save to files -v Verbose operation -privatekey Display password and private key data -pin PIN Smart Card PIN -urlfetch Retrieve and verify AIA Certs and CDP CRLs -config Machine\CAName CA and computer name string -PolicyServer URLOrId Policy Server URL or Id.

For selection U/I, use -PolicyServer. For all Policy Servers, use -PolicyServer * -Anonymous Use anonymous SSL credentials -Kerberos Use Kerberos SSL credentials -ClientCertificate ClientCertId Use X.509 Certificate SSL credentials. For selection U/I, use -clientCertificate. -UserName UserName Use named account for SSL credentials.

For selection U/I, use -UserName. -Cert CertId Signing certificate -dc DCName Target a specific Domain Controller -restrict RestrictionList Comma separated Restriction List.

Each restriction consists of a column name, a relational operator and a constant integer, string or date. One column name may be preceded by a plus or minus sign to indicate the sort order. Examples: "RequestId = 47""+RequesterName >= a, RequesterName DOMAIN, Disposition = 21" -out ColumnList Comma separated Column List -p Password Password -ProtectTo SAMNameAndSIDList Comma separated SAM Name/SID List -csp Provider Provider -t Timeout URL fetch timeout in milliseconds -symkeyalg SymmetricKeyAlgorithm[,KeyLength] Name of Symmetric Key Algorithm with optional key length, example: AES,128 or 3DES Return to Additional certutil examples For some examples of how to use this command, see • • • • • Return to Feedback


best crl dating table of contents

best crl dating table of contents - A home calendar and recall method of last menstrual period for estimating gestational age in rural Bangladesh: a validation study


best crl dating table of contents

Background The best method of gestational age assessment is by ultrasound in the first trimester; however, this method is impractical in large field trials in rural areas. Our objective was to assess the validity of gestational age estimated from prospectively collected date of last menstrual period (LMP) using crown-rump length (CRL) measured in early pregnancy by ultrasound.

Methods As part of a large, cluster-randomized, controlled trial in rural Bangladesh, we collected dates of LMP by recall and as marked on a calendar every 5 weeks in women likely to become pregnant. Among those with a urine-test confirmed pregnancy, a subset with gestational age of 293) births.

We dichotomized maternal characteristics at enrollment: parity (0 and ≥1), education (≤6 and >6 years), age (≤ 20 and >20 years), and body mass index (BMI; 15 weeks gestation), and three women had twins, all of whom were considered ineligible and excluded in the analysis.

Thus, CRL was measured in 359 singleton pregnancies. Six women were ascertained as pregnant (by ultrasound) but had missing or implausible LMP and were excluded from the analysis. Thus, our analytic sample was 353 singleton pregnancies with both LMP and CRL estimates of gestational age. There were 13 miscarriages or terminations of pregnancy and 8 stillbirths among this final sample, leaving 332 pregnancies in the subset with live births. Statistical analysis We compared maternal, household, and infant characteristics between the women in the substudy and the parent trial using t tests for continuous variables and chi-squared tests for categorical variables.

The difference in gestational age at birth was calculated as LMP minus the CRL estimate. The difference was approximately normally distributed by visual examination with a Kernel density plot, and there were no extreme statistical outliers, allowing for parametric testing.

Differences in mean gestational age were tested using a t test overall and stratified by maternal and infant characteristics (term status, parity, education, age, BMI, infant sex, and SGA). Validity of LMP-based gestational age at birth was tested against the CRL-based estimate as the gold standard. First, we calculated Pearson’s correlation coefficient and the bias correction factor, which can be considered measures of precision and accuracy, respectively, in validation analysis [ ].

Then, we assessed agreement of the two continuous estimates of gestational age using Lin’s concordance correlation coefficient (CCC, combines accuracy and precision measures) [ ].

Finally, sensitivity, specificity, positive predictive value (PPV), and kappa coefficients were calculated for rates of preterm and post-term births. We then used the Intergrowth 21st CRL equation for estimating gestational age (for CRL >15 and 6 years of school 40.9 (10,799) 48.7 (172) 42 weeks gestation. All Nulliparous Parous Ultrasound visit ( n = 353) ( n = 134) ( n = 219) Gestational age a Last menstrual period, days 76.1 (12.5) 78.8 (12.8) 74.4 (12.1) Crown-rump length, days 73.3 (12.9) 74.6 (12.7) 72.5 (13.0) LMP-CRL, days 2.8 (10.8) 4.2 (10.0) 1.9 (11.2) Convergent validity b Pearson’s correlation coefficient 0.63 0.69 0.61 Bias Correction Factor 0.98 0.95 0.99 Lin’s concordance correlation coefficient (95 % CI) 0.63 (0.56, 0.69) 0.66 (0.56, 0.75) 0.60 (0.52, 0.68) Live birth ( n = 332) ( n = 127) ( n = 205) Gestational age a Last menstrual period, days 276.2 (18.1) 275.9 (17.7) 276.5 (18.4) Crown-rump length, days 273.4 (14.2) 271.6 (13.6) 274.6 (14.5) LMP-CRL, days 2.8 (10.7) 4.3 (10.0) 1.9 (11.0) Convergent validity b Pearson’s correlation coefficient 0.81 0.83 0.80 Bias correction factor 0.96 0.93 0.97 Lin’s concordance correlation coefficient (95 % CI) 0.77 (0.73, 0.81) 0.77 (0.71, 0.83) 0.77 (0.72, 0.83) Validity of classifying preterm Prevalence of preterm by LMP, % ( n) 10.8 (36) 13.4 (17) 9.3 (19) Prevalence of preterm by CRL, % ( n) 8.7 (29) 11.0 (14) 7.3 (15) Sensitivity, % 86.2 92.9 80.0 Specificity, % 96.4 96.5 96.3 Positive predictive value, % 69.4 76.5 63.1 Kappa 0.74 0.82 0.68 Validity of classifying post-term Prevalence of post-term by LMP, % ( n) 14.2 (47) 15.0 (19) 13.7 (28) Prevalence of post-term by CRL, % ( n) 3.6 (12) 1.6 (2) 4.9 (10) Sensitivity, % 66.7 87.2 60.0 Specificity, % 88.8 87.4 89.7 Positive predictive value, % 18.2 11.1 23.1 Kappa 0.24 0.18 0.28 Preterm is 293 days gestational age by ultrasound; the Hadlock equation is used for CRL estimate of gestational age LMP first day of the last menstrual period, CRL crown-rump length aData presented as mean (SD) bIn validation analysis: Pearson’s coefficient is a measure of precision; the bias correction factor is a measure of accuracy; and Lin’s concordance correlation coefficient is a measure of reproducibility (accounting for precision and accuracy in the same estimate).

Perfect correlation/concordance for each measure = 1 Using validity measures, gestational age by LMP was in good agreement with CRL at the ultrasound visit, with a Pearson’s correlation of 0.63, bias correction factor of 0.98, and Lin’s concordance correlation of 0.63 (Table ; perfect agreement for each measure = 1).

Validity measures in nulliparous and parous women appeared similar, although consistently better among nulliparous than parous women at the time of ultrasound.

Validity measures of LMP among live births were also good with a Pearson’s correlation of 0.81, bias correction factor of 0.96, and Lin’s concordance correlation of 0.77. Validity measures at birth appeared similar by parity. Lin’s concordance correlation plot visually shows most estimates relatively close to the line of perfect concordance with deviations both above and below (Fig. ). For validating term classification, we found sensitivity, specificity, and PPV of LMP to be high for preterm but lower for post-term births (Table ).

Results for the validity of preterm and post-term also appeared similar after stratifying by parity but consistently better for preterm in nulliparous women. We ran the same validity measures using the Intergrowth 21st equation for estimating gestational age with CRL, and the results were similar to those using the Hadlock (Additional file : Table S1).

The mean (SD) difference in gestational age between LMP and CRL (Intergrowth 21st equation) at the ultrasound visit was 2.5 (10.6) days ( n = 333) and at live birth was 2.5 (10.5) days ( n = 315). We examined the difference in gestational age estimates (LMP-CRL) by maternal and infant characteristics and observed a range of differences from −1.6 to 4.3 days across characteristics (Table ).

Differences between the two gestational age estimates varied by maternal education (higher schooling was associated with a lower difference) and term status (preterm birth was associated with a lower difference).

Preterm and post-term births had LMP-CRL differences of a similar magnitude but in opposite directions (−1.57 vs. 1.58 days). We found a large contrast in the differences in estimates by maternal age (4.25 days for women ≤20 years vs. 1.96 days for women >20 years); the difference had a wide confidence interval that included the null. Gestational age difference (LMP − CRL), days Number Difference Mean (SD) Difference of the difference (95 % CI) b Years of school ≤6 years 168 4.22 (11.1) Reference >6 years 164 1.36 (10.01) −2.86 (−5.15, −0.58) Age ≤20 years 123 4.25 (9.77) Reference >20 years 208 1.96 (11.13) −2.28 (−4.66, 0.10) Early pregnancy BMI Underweight (293 days gestational age by CRL d n = 288 (with newborn weight measured at birth) Overall, we found that LMP-estimated gestational age was in good agreement with CRL-based estimation, differing by 2.8 days using the Hadlock equation and 2.5 days using the Intergrowth 21st equation.

As well, measures of validity showed relatively good agreement between LMP and CRL, with correlation coefficients 0.8 or higher for live births. Further, LMP had high sensitivity and specificity for classifying preterm birth. We found differences in reliability of LMP by years of maternal education and preterm classification, with less educated women and women delivering preterm having a larger discrepancy between their reported LMP and CRL gestational age estimates.

This study validates the use of prospectively collected LMP for estimating gestational age in a low-income, rural setting in Bangladesh, with preterm birth and SGA rates among the highest globally [ ]. Uniquely, we used our community-based study to validate this LMP method with early CRL in a reproductive-age population in a rural area. Most LMP validation studies have been done in clinic settings.

In our large field study, we collected LMP every month by prospectively tracking married women of reproductive age and using Bangla calendars in the home and urine-testing to identify new pregnancies.

This method was likely a major contributor to the good agreement we found between LMP- and CRL-based gestational ages. As such, our findings may be generalizable to studies with similar rigorous methods but may not apply to other settings, e.g., where women report LMP at a first prenatal visit. A limitation was that our planned validation study, which aimed to include 500 pregnancies, had a high attrition rate largely related to fetal loss but also other reasons, such that our final sample size for singleton live births was only 332.

In addition, we excluded women who did not enroll before 15 weeks of gestation. This resulted in the women in our validation substudy being different from the overall parent trial, with a preterm birth rate almost half that seen in the larger study, when estimated with LMP. When we examined all live births with LMP dates in the substudy (including those without CRL; n = 402), the preterm birth rate was closer to that seen in the parent trial at 13.9 %.

Other differences such as higher education, etc., in this validation group may also explain the difference between preterm birth rates with the larger study. Overall, the characteristics of women in the substudy were similar to the whole trial. Exceptions include that literacy was higher and households having electricity was lower in the substudy compared to the parent study. We were unable to explore all the potential reasons for this paradox; however, availability of schools does not necessarily correlate with availability of electricity to households, and a mother’s education would have occurred while at her parent’s household and not her (current) husband’s household.

A final concern was that the sensitivity and specificity for post-term births was found to be somewhat low, and its prevalence was highly inflated when using LMP to estimate gestational age.

It is not clear why this occurred, other than the difficulty of predicting a very narrow classification range (only 2 weeks, compared to >12 weeks for preterm classification). The goal of this research was to investigate the use of LMP as an accurate estimate of gestational age in large field trials such as ours, especially using rigorously collected menstrual dates in a free-living populations, and with the use of a calendar as an aid.

Although conducted in a small sample, we also found that the use of a durable, portable, battery-operated ultrasound machine was feasible in a rural setting with limited access to electricity. There was wide acceptance of the measurements by the community, and the study participants considered the procedure safe.

Our sensitivity and specificity estimates of LMP were similar to or better than those reported in two US studies and one in Brazil. In a state-wide study of births in California, Dietz et al. reported a sensitivity of 64 % and a positive predictive value of 59 % for classifying preterm using LMP compared to ultrasound [ ]. Similar to our study, the California study found that LMP estimated a slightly higher preterm rate (8.7 vs. 7.9 %) and a much higher post-term rate (10.1 vs.

1.1 %) compared to ultrasound and additionally, that less educated women had greater differences in estimates from the two methods.

In a multicenter US study, Hoffman et al. also reported that LMP vs. ultrasound gestational age was longer (by 0.8 days) and classified more births as post-term (4.0 vs. 0.7 %) [ ]. In a low-income population in Brazil, LMP compared to ultrasound (at 7–20 weeks gestation) greatly overestimated the rate of both preterm (17 vs. 13 %) and post-term (9.3 vs. 1.3 %) in women with a “sure” LMP [ ]. This study used interview-collected LMP at the time of enrollment, which could explain the difference from our study.

Other studies validated LMP in specific populations, such as very preterm [ ], and may not be comparable to the current study. First trimester CRL, as used in this study, is considered the best measurement for gestational age determination [ ], as it is both accurate and precise, predicting 94 % of delivery dates within 14 days [ ]. Other research also shows early pregnancy CRL to be the best at estimating gestational age among ultrasound measures of fetal size [ , ], presumably because measurements at this time should be before any discernable growth restriction that could impact gestational age estimation.

In our findings, the difference between LMP and CRL estimates were similar for SGA and non-SGA pregnancies. Thus, it is not apparent that fetal growth restriction impacted our ultrasound measurements; however, this was not a specific aim of the study to investigate. We expected that measurements could also be different based on maternal characteristics, especially those that could impact a woman’s record of LMP.

We found that LMPs reported by better educated women had better agreement with CRL, which agrees with another US study [ ]. Perhaps in our study, the discrepancy was due to the woman’s ability to read and mark the calendar we provided. We also found that for women who delivered preterm, there was a larger difference between the LMP and CRL estimates.

It is unclear why preterm would predict a larger difference between gestational age estimates than term, although the gestational age range for preterm births is much wider (24 to <37 weeks) than the narrower range defining term birth (37–42 weeks) and post-term birth (42 to <44 weeks) and more of these values are farther from the expected normal length of gestation.

We did not observe a difference in LMP and CRL estimates by maternal BMI. Although ultrasound measurements can be impacted by maternal obesity [ ], rates of overweight were very low in this population; there were only seven overweight women in our study (2 %).

Finally, we observed comparable validity results for nulliparous and parous women, similar to a previous study [ ]. Our community-based, prospectively collected LMP was a valid measure for estimating gestational age and preterm rates in a low-income, low-education, rural setting. This result is important as our parent trial found a significant reduction in the LMP-based preterm birth rate with multiple micronutrient supplementation [ ].

As well, a major public health concern in the developing world is reduction of preterm births [ ], and the use of this method could provide valid estimates of preterm births for monitoring progress toward this goal.

Although ultrasound is clearly preferred and increasingly available, we expect that LMP collected prospectively will allow public health researchers to test the impact of pregnancy interventions on preterm birth and validly estimate gestational age in rural settings. Funding The study was funded by the Bill and Melinda Gates Foundation, Seattle, WA (Grant 614). Dr. Gernand’s research was supported by the Eunice Kennedy Shriver National Institute of Child Health and Human Development of the National Institutes of Health by the International Maternal and Child Health training grant T32HD046405.

The content is solely the responsibility of the authors and does not necessarily represent the official views of the NIH. The funders had no role in the design of the study or data collection, analysis, or interpretation. Authors’ contributions ADG, MAT, FRW, ABL, KPW, and PC designed and planned the study. ADG, RRP, and BU conducted the study and collected data.

ADG conducted the analysis and wrote the article with substantial revisions from PC. RRP, BU, MAT, FRW, ABL, and KPW provided critical comments on the drafts. All authors approved the final version.

Ethics approval and consent to participate We were granted ethical approval by the Johns Hopkins School of Public Health Institutional Review Board, Baltimore, MD (IRB No: 00000570) and the Ethical Review Committee of the Bangladesh Medical Research Council, Dhaka, Bangladesh (BMRC/ERC/2007-2010/935). We performed this research in accordance with the Declaration of Helsinki. All participants gave voluntary consent for the study before participating.

Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License ( ), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The Creative Commons Public Domain Dedication waiver ( ) applies to the data made available in this article, unless otherwise stated.

Additional files • Blencowe H, Cousens S, Oestergaard MZ, Chou D, Moller AB, Narwal R, et al. National, regional, and worldwide estimates of preterm birth rates in the year 2010 with time trends since 1990 for selected countries: a systematic analysis and implications. Lancet. 2012;379:2162–72. • Alexander GR, Tompkins ME, Petersen DJ, Hulsey TC, Mor J. Discordance between LMP-based and clinically estimated gestational age: implications for research, programs, and policy.

Public Health Rep. 1995;110:395–402. • Lynch CD, Zhang J. The research implications of the selection of a gestational age estimation method. Paediatr Perinat Epidemiol. 2007;21 Suppl 2:86–96.

• Torloni MR, Vedmedovska N, Merialdi M, Betran AP, Allen T, Gonzalez R, et al. Safety of ultrasonography in pregnancy: WHO systematic review of the literature and meta-analysis. Ultrasound Obstet Gynecol. 2009;33:599–608. • Taipale P, Hiilesmaa V. Predicting delivery date by ultrasound and last menstrual period in early gestation. Obstet Gynecol. 2001;97:189–94. • Hoffman CS, Messer LC, Mendola P, Savitz DA, Herring AH, Hartmann KE. Comparison of gestational age at birth based on last menstrual period and ultrasound during the first trimester.

Paediatr Perinat Epidemiol. 2008;22:587–96. • Dietz PM, England LJ, Callaghan WM, Pearl M, Wier ML, Kharrazi M. A comparison of LMP-based and ultrasound-based estimates of gestational age using linked California livebirth and prenatal screening records. Paediatr Perinat Epidemiol. 2007;21 Suppl 2:62–71.

• Rosenberg RE, Ahmed AS, Ahmed S, Saha SK, Chowdhury MA, Black RE, et al. Determining gestational age in a low-resource setting: validity of last menstrual period. J Health Popul Nutr. 2009;27:332–8.

• Neufeld LM, Haas JD, Grajeda R, Martorell R. Last menstrual period provides the best estimate of gestation length for women in rural Guatemala. Paediatr Perinat Epidemiol. 2006;20:290–8. • American College of Obstetricians and Gynecologists. ACOG practice bulletin no. 101: ultrasonography in pregnancy. Obstet Gynecol. 2009;113:451–61. • West Jr KP, Shamim AA, Mehra S, Labrique AB, Ali H, Shaikh S, et al. Effect of maternal multiple micronutrient vs iron-folic acid supplementation on infant mortality and adverse birth outcomes in rural Bangladesh: the JiVitA-3 randomized trial.

JAMA. 2014;312:2649–58. • Christian P, Khatry SK, Katz J, Pradhan EK, LeClerq SC, Shrestha SR, et al. Effects of alternative maternal micronutrient supplements on low birth weight in rural Nepal: double blind randomised community trial. BMJ. 2003;326:571. • West Jr KP, Christian P, Labrique AB, Rashid M, Shamim AA, Klemm RD, et al. Effects of vitamin A or beta carotene supplementation on pregnancy-related mortality and infant mortality in rural Bangladesh: a cluster randomized trial.

JAMA. 2011;305:1986–95. • Gernand AD, Christian P, Schulze KJ, Shaikh S, Labrique AB, Shamim AA, et al. Maternal nutritional status in early pregnancy is associated with body water and plasma volume changes in a pregnancy cohort in rural Bangladesh.

J Nutr. 2012;142:1109–15. • Gernand AD, Christian P, Paul RR, Shaikh S, Labrique AB, Schulze KJ, et al. Maternal weight and body composition during pregnancy are associated with placental and birth weight in rural Bangladesh. J Nutr. 2012. doi: . • Hadlock FP, Shah YP, Kanon DJ, Lindsey JV. Fetal crown-rump length: reevaluation of relation to menstrual age (5-18 weeks) with high-resolution real-time US.

Radiology. 1992;182:501–5. • Villar J, Cheikh Ismail L, Victora CG, Ohuma EO, Bertino E, Altman DG, et al. International standards for newborn weight, length, and head circumference by gestational age and sex: the Newborn Cross-Sectional Study of the INTERGROWTH-21st Project.

Lancet. 2014;384:857-68. • Lin LI. A concordance correlation coefficient to evaluate reproducibility. Biometrics. 1989;45:255–68. • Papageorghiou AT, Kennedy SH, Salomon LJ, Ohuma EO, Cheikh Ismail L, Barros FC, et al. International standards for early fetal size and pregnancy dating based on ultrasound measurement of crown-rump length in the first trimester of pregnancy. Ultrasound Obstet Gynecol. 2014;44:641–8. • Christian P, Klemm R, Shamim AA, Ali H, Rashid M, Shaikh S, et al.

Effects of vitamin A and beta-carotene supplementation on birth size and length of gestation in rural Bangladesh: a cluster-randomized trial. Am J Clin Nutr. 2013;97:188–94.

• Pereira AP, Dias MA, Bastos MH, da Gama SG, Leal Mdo C. Determining gestational age for public health care users in Brazil: comparison of methods and algorithm creation.

BMC Res Notes. 2013;6:60. • Chalouhi GE, Bernard JP, Benoist G, Nasr B, Ville Y, Salomon LJ. A comparison of first trimester measurements for prediction of delivery date. J Matern Fetal Neonatal Med. 2011;24:51–7. • Daya S. Accuracy of gestational age estimation by means of fetal crown-rump length measurement. Am J Obstet Gynecol. 1993;168:903–8. • Simic M, Wahlin IA, Marsal K, Kallen K.

Maternal obesity is a potential source of error in mid-trimester ultrasound estimation of gestational age. Ultrasound Obstet Gynecol. 2010;35:48–53. • Alexander GR, Himes JH, Kaufman RB, Mor J, Kogan M.

A United States national reference for fetal growth. Obstet Gynecol. 1996;87:163–8.


best crl dating table of contents

Ive asked before, would like some fresh answers. when i found out i was pregnant i was sent for an early scan - at the scan the tech said i was five +...

Ive asked before, would like some fresh answers. when i found out i was pregnant i was sent for an early scan - at the scan the tech said i was five + weeks and didnt date my pregnancy accuratley at this point just said that the yolk sac was seen, i went back two weeks later and they said i was 7 + weeks . Why wouldnt they date me? were they just stating the min weeks i could be at the time?

as they was early emergency scans My next scan was the 12 week dating scan - i was told at this scan i was 12 weeks and 3 days and the CRL was 58.1mm Would this be right for 12 weeks and 3 days? At my 20 week scan i was 20 weeks and 3 days and the measurments were - BPD - 49.2MM FL - 33.7MM HC - 184.3MM Do the measurments sound right? both my 12 week scan and 20 week scan said my due date was 27th may 08. all answers appreicated x thanks xxx hi .. i got your e-mail btw !!

and the CRL measurments are the MOST accurate measurements taken during the pregnancy .. they probably didn*t date you at five weeks because the yolk sac does not give gestational age ..

they would have needed to see a fatel pole to measure teh CRL measurment at that time of you ealriest scan .. if they did not see it when you were about 5 weeks, which is normal, they couldn*t date you !!

they probably guessed about 5 weeks based on your gestational sac size, and the contents of it .. which was just a yolk sac , so that is consistent with 5 weeks .. at your 12 weeks scan .. the CRL can vary by a slight amount .. and the 58.1 mm that your baby measured is with in th elimits of normal size for that far into the pregnancy .. at 12 weeks the normal limits set at my place of employment are around 55mm-58.5 .. at 10 weeks, the crl should be 30 mm and after that the cells develop rapidly !!

at day 84 (12 weeks exactly) your baby should measure 55 mm .. so i would say that your 12 week scan was pretty accurate !! by the standards on your 20 week measurments i have the BPD measurment of 49.2 mm being about normal .. i actually have that more at 21 weeks and 3 days ..

but all babies are different .. this is just a guidline at this point .. the FL you have wioll vary from one baby to another .. as long as the tech put it onto the *package * of measuremtns on the machine and this is what the length measured, then you fine ..

i believe that is normal measurment for a 20 week baby .. do you have the AC measurment ?? i can figure out your ratio of HC-AC and tell you how normal that is ..

really without the AC meas. i can*t tell you much about the HC .. they have to compare it to the AC to make sure that your baby*s body is proportionate !! as long as your dates matched up each time .. which they did then i would say they are pretty acurate with your measurments !! from the way i calculated it on my worksheet ..

i would say you are bout the same as they told you !! good luck hun ! and em-mail if you need anything else ! <3 This Site Might Help You. RE: How accurate is dating by CRL? dating ultrasound results...............? Ive asked before, would like some fresh... This Site Might Help You.

RE: How accurate is dating by CRL? dating ultrasound results...............? Ive asked before, would like some fresh answers. when i found out i was pregnant i was sent for an early scan - at the scan the tech said i was five + weeks and didnt date my pregnancy accuratley at this point just said that the yolk sac was seen, i went back two weeks later and they said i was...

Asking costs 5 points and then choosing a best answer earns you 3 points! Questions must follow • Media upload failed. You can try again to add the media or go ahead and post the answer • Media upload failed.

You can try again to add the media or go ahead and post the question • Uploaded image is less than minimum required 320x240 pixels size. • Sorry, file format is not supported.

• You can only upload image with size less than 5 MB. • You can only upload video with size less than 60 MB. • Generating Preview • Go ahead and post your answer. Uploaded video will be live after processing. • Go ahead and post your question.

Uploaded video will be live after processing. • Sending request... • This may take one or two minutes • Uploading...



Best crl dating table of contents Rating: 9,3/10 459 reviews
Categories: best dating