What Is Microsoft CertUtil?

Microsoft CertUtil is a command-line program that is installed as part of Certificate Services on Windows systems. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, back up and restore CA components, and verify certificates, key pairs, and certificate chains.

You can use certutil to perform a number of certificate management tasks.

• To view the syntax for a specific task, click a task:
• To validate that the certificate was issued by a specific CA
• To verify the validity of a certificate
• To install the CA certificate
• To request a renewal CA certificate
• To delete keys from the HKEY_LOCAL_MACHINE root store
• To add Netscape-compatible Web-based revocation check extensions to every issued certificate
• To retrieve the CA signing certificate and save it to a file
• To retrieve the CA signing certificate and chain and save it to a PKCS #7 file
• To import a certificate into the server database
• To display the certificates in the Local Machine certificate store
• To add a certificate or CRL to a local trusted root CA store
• To view certificate stores
• To verify all certificates in a store
• To delete a certificate from the HKEY_LOCAL_MACHINE root store
• To delete a certificate from the HKEY_CURRENT_USER root store
• To validate that the certificate was issued by a specific CA

The CertUtil program is located at C:\Windows\System32\certutil.exe

⇒ List of Commands Supported in Microsoft CertUtil

⇐ Microsoft "certutil" Certificate Store Locations

⇑ Introduction to Microsoft "certutil" Commands

⇑⇑ Microsoft "certutil" - Certificate Management Tool