Microsoft "certutil -store" Command Options

Q

How can I use the Microsoft "certutil -store" command? What command options are supported by "certutil -store"? The documentation says "Dump certificate store".

✍: FYIcenter.com

A

The Microsoft "certutil -store" command can be used to dump certificate information from a specified certificate store on the local Windows computer.

Here are the options supported by the "certutil -store" command:

C:\fyicenter>\windows\System32\certutil -store -?

Usage:
  CertUtil [Options] -store [CertificateStoreName [CertId [OutputFile]]]
  Dump certificate store
    CertificateStoreName -- Certificate store name. Examples:
      "My", "CA" (default), "Root",

      "ldap:///CN=Certification Authorities,CN=Public Key Services,
CN=Services,CN=Configuration,DC=...?cACertificate?one?objectClass=
certificationAuthority" (View Root Certificates)

      ...

    CertId -- Certificate or CRL match token. This can be
      a serial number,
      an SHA-1 certificate, CRL, CTL or public key hash,
      a numeric cert index (0, 1, etc.),
      a numeric CRL index (.0, .1, etc.),
      a numeric CTL index (..0, ..1, etc.),
      a public key, signature or extension ObjectId,
      a certificate subject Common Name,
      an e-mail address, UPN or DNS name,
      a key container name or CSP name,
      a template name or ObjectId,
      an EKU or Application Policies ObjectId,
      or a CRL issuer Common Name.
      Many of the above may result in multiple matches.

    OutputFile -- file to save matching cert

    Use -user to access a user store instead of a machine store.
    Use -enterprise to access a machine enterprise store.
    Use -service to access a machine service store.
    Use -grouppolicy to access a machine group policy store.

    Examples:
      -enterprise NTAuth
      -enterprise Root 37
      -user My 26e0aaaf000000000004
      CA .11

Options:
  -f           -- Force overwrite
  -enterprise  -- Use local machine Enterprise registry certificate store
  -user        -- Use HKEY_CURRENT_USER keys or certificate store
  -GroupPolicy -- Use Group Policy certificate store
  -gmt         -- Display times as GMT
  -seconds     -- Display times with seconds and milliseconds
  -silent      -- Use silent flag to acquire crypt context
  -split       -- Split embedded ASN.1 elements, and save to files
  -v           -- Verbose operation
  -privatekey  -- Display password and private key data
  -dc DCName   -- Target a specific Domain Controller

CertUtil -?         -- Display a verb list (command list)
CertUtil -store -?  -- Display help text for the "store" verb
CertUtil -v -?      -- Display all help text for all verbs
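
As an added example (not part of the original FAQ or Microsoft's documentation), the Python code below builds the command line from the usage syntax above and checks a saved dump of a store against an approved list of SHA-1 hashes. The dump layout (the "Certificate N" banners and "Name: value" lines), the sample text and all function names are assumptions made for illustration.

```python
import re

# Scope switches listed in the help text; each selects a different store location.
SCOPES = {"machine": [], "user": ["-user"], "enterprise": ["-enterprise"],
          "service": ["-service"], "grouppolicy": ["-grouppolicy"]}

def store_argv(store="CA", cert_id=None, scope="machine"):
    """[Options] -store [CertificateStoreName [CertId]] as an argv list (no shell)."""
    argv = ["certutil", *SCOPES[scope], "-store", store]
    return argv if cert_id is None else argv + [str(cert_id)]

# Assumption: one "==== Certificate N ====" banner per cert, then "Name: value" lines.
BANNER = re.compile(r"^=+ Certificate (\d+) =+\s*$", re.M)
FIELD = re.compile(r"^[ \t]*(Serial Number|Issuer|Subject|Cert Hash\(sha1\)):[ \t]*(.*)$", re.M)

def norm(hexstr):  # hashes may be printed with or without spaces between bytes
    return hexstr.replace(" ", "").strip().lower()

def parse_store_dump(text):
    """Return one dict per certificate in a 'certutil -store' dump."""
    parts = BANNER.split(text)[1:]          # [index0, body0, index1, body1, ...]
    certs = []
    for idx, body in zip(parts[0::2], parts[1::2]):
        f = {k: v.strip() for k, v in FIELD.findall(body)}
        certs.append({"index": int(idx), "serial": norm(f.get("Serial Number", "")),
                      "subject": f.get("Subject", ""), "sha1": norm(f.get("Cert Hash(sha1)", ""))})
    return certs

def unexpected(certs, baseline_sha1):
    """Certificates whose SHA-1 hash is not in the approved baseline."""
    allowed = {norm(h) for h in baseline_sha1}
    return [c for c in certs if c["sha1"] not in allowed]

# Constructed sample dump (not real certificates).
SAMPLE = """Root "Trusted Root Certification Authorities"
================ Certificate 0 ================
Serial Number: 01
Subject: CN=Example Corp Root CA
Cert Hash(sha1): 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33
================ Certificate 1 ================
Serial Number: 7f
Subject: CN=Unknown Proxy CA
Cert Hash(sha1): ffeeddccbbaa99887766554433221100ffeeddcc
CertUtil: -store command completed successfully.
"""

if __name__ == "__main__":
    for c in unexpected(parse_store_dump(SAMPLE), ["00112233445566778899aabbccddeeff00112233"]):
        print(c["index"], c["subject"], c["sha1"])
```

On a Windows host, the list returned by store_argv can be passed to subprocess.run with capture_output=True and the captured text given to parse_store_dump.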

 

2020-12-08