Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (71)
EC Keys (2157)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6123)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5000)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
Microsoft "certutil" Certificate Store Locations
How can I specify the search location of certificate stores for Microsoft "certutil" command? The document says that by default "certutil" searches for certificate stores at the local machine level.
✍: FYIcenter.com
Microsoft "certutil" command allows you search certificate stores at 5 locations:
1. Local Machine (no option) - This is the default option. Local machine certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates". Predefined certificate store names are: AuthRoot, CA, MY, Root, UserDS, ... For example, "certutil -store root" command dumps all certificates from the "Root" certificate store at the local machine location.
2. Current User ("-user" option) - Current user certificate stores are recorded in Windows registry at "HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates". Predefined certificate store names are: AuthRoot, CA, MY, Root, ... For example, "certutil -user -store my" command dumps all certificates from the "MY" certificate store at the current user location.
3. Machine Enterprise ("-enterprise" option) - Machine enterprise certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates". Predefined certificate store names are: AuthRoot, CA, NTAuth, Root, ... For example, "certutil -enterprise -store ntauth" command dumps all certificates from the "NTAuth" certificate store at the machine enterprise location.
4. Machine Service ("-service" option) - Machine service certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services \ServiceName\SystemCertificates". Predefined certificate store names are: MY, CA, Trust, Root, ... For example, "certutil -service -store MOM\My" command dumps all certificates from the "MY" certificate store of the "MOM" service at the machine service location.
5. Machine Group Policy ("-grouppolicy" option) - Machine service certificate stores are recorded in Windows registry at "HKEY_LOCAL_MACHINE\Software\Policy\Microsoft\SystemCertificates". Predefined certificate store names are: AuthRoot, CA, Trust, ... For example, "certutil -grouppolicy -store ca" command dumps all certificates from the "CA" certificate store at the machine group policy location.
If you want to see certificate store names defined in Windows registry, you can use the "regedit" command view the registry key of the certificate store location.
⇐ Introduction to Microsoft "certutil" Commands
2016-08-01, 99558👍, 1💬
Popular Posts:
Certificate summary - Owner: www.kaskus.co.id, Terms of use at www.verisign.com/rpa (c)05, PT. DARTA...
How to view the server certificate of the Website in Google Chrome? I know the Web site uses a "http...
How to create a new certificate to be used by someone to secure emails using "makecert.exe"? If you ...
How to open a keystore file with Portecle? Note: Portecle supports the following keystore types: JKS...
Why am I getting this "Your connection is not private" error with Chrome on my Android device? If yo...