is a command-line program that is installed as part of Certificate Services in the Windows Server 2003 family.
You can use to dump and display certification authority (CA) configuration information, configure Certificate Services, back up and restore CA components, and verify certificates, key pairs, and certificate chains.
For more information about how to use to perform specific tasks, see the following topics:
•Certutil tasks for encoding and decoding certificates
Syntax
certutil-store -f -enterprise -user -gmt -seconds -silent -v -dc DCName CertificateStoreName CertID OutFile
CertificateStoreName Specifies one of the following store names:
ca Specifies certificates in the Intermediate Certification Authorities store.
my Specifies certificates issued to the current user.
root Specifies certificates in the Trusted Root Certification Authorities store.
spc Specifies software publisher certificates.
UserCreatedStore Specifies the name of a user-created certificate store.
Eg.
CA
Template:
Cert Hash(sha1): fe e4 49 ee 0e 39 65 a5 24 6f 00 0e 87 fd e2 a0 65 fd 89 d4
No key provider information
================ Certificate 1 ================
Serial Number: 46fcebbab4d02f0f926098233f93078f
Issuer: OU=Class 3 Public Primary Certification Authority, =VeriSign, Inc., C=U
S
Subject: OU=/CPS Ref. LIABILITY LTD.(C)97 VeriSign, OU
=VeriSign International Server CA - Class 3, OU=VeriSign, Inc., =VeriSign Trust
Network
Template:
Cert Hash(sha1): d5 59 a5 86 66 9B 08 f4 6a 30 a1 33 f8 a9 ed 3d 03 8e 2e a8
No key provider information
================ Certificate 2 ================
Serial Number: 198b11d13f9a8ffe69a0
Issuer: CN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (C)
1997 Microsoft Corp.
NotBefore: 01-10-1997 12:30
NotAfter: 31-12-2002 12:30
Subject: CN=Microsoft Windows Hardware Compatibility, OU=Microsoft Corporation,
OU=Microsoft Windows Hardware Compatibility Intermediate CA, OU=Copyright (C) 19
97 Microsoft Corp.
Template:
Cert Hash(sha1): 10 9f 1c ae d6 45 bb 78 b3 ea 2b 94 c0 69 7C 74 07 33 03 1C
No key provider information
================ CRL 0 ================
=VeriSign, Inc.
L=Internet
CRL Hash(sha1): a3 77 d1 b1 c0 53 88 33 03 52 11 f4 08 3D 00 fe cc 41 4d ab
CertUtil: -store command completed successfully.
usages
>certutil -?
Verbs:
-asn — Parse ASN.1 file
-decodehex — Decode hexadecimal-encoded file
-decode — Decode Base64-encoded file
-deny — Deny pending request
-resubmit — Resubmit pending request
-revoke — Revoke Certificate
ace
e
-ca.chain — Retrieve the CA's certificate chain
-GetCRL — Get CRL
-shutdown — Shutdown Active Directory Certificate Services
-installCert — Install Certification Authority certificate
-renewCert — Renew Certification Authority certificate
-schema — Dump Certificate Schema
-view — Dump Certificate View
-db — Dump Raw Database
-backupDB — Backup Active Directory Certificate Services database
-backupKey — Backup Active Directory Certificate Services certificate
and private key
-restoreDB — Restore Active Directory Certificate Services database
-restoreKey — Restore Active Directory Certificate Services certificate
and private key
-dynamicfilelist — Display dynamic file List
-databaselocations — Display database locations
-store — Dump certificate store
-repairstore — Repair key association or update certificate properties
r key security descriptor
-viewstore — Dump certificate store
-dsPublish — Publish certificate or CRL to Active Directory
-ADTemplate — Display AD templates
-enrollmentServerURL — Display, add or delete enrollment server URLs associat
ed with a CA
-ADCA — Display AD CAs
-Policy — Display Enrollment Policy
-InstallDefaultTemplates — Install default certificate templates
-URLCache — Display or delete URL cache entries
-pulse — Pulse autoenrollment events
-DCInfo — Display domain controller information
-EntInfo — Display enterprise information
-TCAInfo — Display CA information
-SCRoots — Manage smart card root certificates
-verifykeys — Verify public/private key set
-verify — Verify certificate, CRL or chain
-sign — Re-sign CRL or certificate
-vroot — Create/delete web virtual roots and file shares
-vocsproot — Create/delete web virtual roots for OCSP web proxy
-addEnrollmentServer — Add an Enrollment Server application
-deleteEnrollmentServer — Delete an Enrollment Server application
-oid — Display ObjectId or set display name
-error — Display error code message text
-getreg — Display registry value
-setreg — Set registry value
-delreg — Delete registry value
r key archival
-GetKey — Retrieve archived private key recovery blob
-RecoverKey — Recover archived private key
-MergePFX — Merge PFX files
-? — Display this usage message
CertUtil -dump -? — Display help text for the dump” verb
CertUtil -v -? — Display all help text for all verbs
Related
Enter your comment here...
Fill in your details below or click an icon to log in:
Lesermeinungen (required) (Address never made public)
Lesermeinungen (required)
Suchen nach:
Recent Posts
Email check failed, please try again
Es tut uns leid, your blog cannot share posts by email.
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
%d bloggers like this: