Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (70)
EC Keys (976)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (3305)
Revoked Certificates (16)
Root CA (85)
RSA Keys (2647)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
Microsoft "certutil" Certificate Store Locations
How can I specify the search location of certificate stores for Microsoft "certutil" command? The document says that by default "certutil" searches for certificate stores at the local machine level.
✍: FYIcenter.com
Microsoft "certutil" command allows you search certificate stores at 5 locations:
1. Local Machine (no option) - This is the default option. Local machine certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates". Predefined certificate store names are: AuthRoot, CA, MY, Root, UserDS, ... For example, "certutil -store root" command dumps all certificates from the "Root" certificate store at the local machine location.
2. Current User ("-user" option) - Current user certificate stores are recorded in Windows registry at "HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates". Predefined certificate store names are: AuthRoot, CA, MY, Root, ... For example, "certutil -user -store my" command dumps all certificates from the "MY" certificate store at the current user location.
3. Machine Enterprise ("-enterprise" option) - Machine enterprise certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates". Predefined certificate store names are: AuthRoot, CA, NTAuth, Root, ... For example, "certutil -enterprise -store ntauth" command dumps all certificates from the "NTAuth" certificate store at the machine enterprise location.
4. Machine Service ("-service" option) - Machine service certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services \ServiceName\SystemCertificates". Predefined certificate store names are: MY, CA, Trust, Root, ... For example, "certutil -service -store MOM\My" command dumps all certificates from the "MY" certificate store of the "MOM" service at the machine service location.
5. Machine Group Policy ("-grouppolicy" option) - Machine service certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Policy\Microsoft\SystemCertificates". Predefined certificate store names are: AuthRoot, CA, Trust, ... For example, "certutil -grouppolicy -store ca" command dumps all certificates from the "CA" certificate store at the machine group policy location.
If you want to see certificate store names defined in Windows registry, you can use the "regedit" command view the registry key of the certificate store location.
⇐ Introduction to Microsoft "certutil" Commands
2016-08-01, 95258👍, 1💬
Popular Posts:
Certificate Summary: Subject: www.blackhatworld.com Issuer: Thawte DV SSL CA Expiration: 2014-07-23 ...
I need a certificate to connect my facebook-profile and my hotmail. I have not been able to find the...
Why I am getting the "./demoCA/newcerts: No such file or directory" error when running OpenSSL "ca" ...
Certificate summary - Owner: WebSpace-Forum Server CA, "WebSpace-Forum, Thomas Wendt", DE Issuer: UT...
How can I use Microsoft "certutil -encode" command? What are command options supported by "certutil ...