Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (80)
EC Keys (2382)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6506)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5251)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
Microsoft "certutil" Certificate Store Locations
How can I specify the search location of certificate stores for Microsoft "certutil" command? The document says that by default "certutil" searches for certificate stores at the local machine level.
✍: FYIcenter.com
Microsoft "certutil" command allows you search certificate stores at 5 locations:
1. Local Machine (no option) - This is the default option. Local machine certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates". Predefined certificate store names are: AuthRoot, CA, MY, Root, UserDS, ... For example, "certutil -store root" command dumps all certificates from the "Root" certificate store at the local machine location.
2. Current User ("-user" option) - Current user certificate stores are recorded in Windows registry at "HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates". Predefined certificate store names are: AuthRoot, CA, MY, Root, ... For example, "certutil -user -store my" command dumps all certificates from the "MY" certificate store at the current user location.
3. Machine Enterprise ("-enterprise" option) - Machine enterprise certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates". Predefined certificate store names are: AuthRoot, CA, NTAuth, Root, ... For example, "certutil -enterprise -store ntauth" command dumps all certificates from the "NTAuth" certificate store at the machine enterprise location.
4. Machine Service ("-service" option) - Machine service certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services \ServiceName\SystemCertificates". Predefined certificate store names are: MY, CA, Trust, Root, ... For example, "certutil -service -store MOM\My" command dumps all certificates from the "MY" certificate store of the "MOM" service at the machine service location.
5. Machine Group Policy ("-grouppolicy" option) - Machine service certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Policy\Microsoft\SystemCertificates". Predefined certificate store names are: AuthRoot, CA, Trust, ... For example, "certutil -grouppolicy -store ca" command dumps all certificates from the "CA" certificate store at the machine group policy location.
If you want to see certificate store names defined in Windows registry, you can use the "regedit" command view the registry key of the certificate store location.
⇐ Introduction to Microsoft "certutil" Commands
2016-08-01, 101116👍, 1💬
Popular Posts:
How to view Java system-level signer CA certificates using Java Control Panel? To view Java system-l...
Certificate Summary: Subject: Cybertrust Public SureServer SV CA Issuer: Baltimore CyberTrust Root E...
Why www.facebook.com has 2 certificates for their HTTPS Web site? To understand why www.facebook.com...
What is OCSP (Online Certificate Status Protocol)? OCSP (Online Certificate Status Protocol) is an I...
Certificate summary - Owner: GeoTrust Primary Certification Authority, GeoTrust Inc., US Issuer: Equ...