Microsoft "certutil -store" Command Default Options

Q

What is the default behavior of the "certutil -store" command?

✍: FYIcenter.com

A

The default behavior of the "certutil -store" command is to dump all certificates from the default certificate store "CA" at the local machine location: "HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA".

Here is an example of the output from the "certutil -store" command:

C:\fyicenter>\windows\System32\certutil -store

CA
================ Certificate 0 ================
Serial Number: 06376c00aa00648a11cfb8d4aa5c35f4
Issuer: CN=Root Agency
 NotBefore: 5/28/1996 5:02 PM
 NotAfter: 12/31/2039 6:59 PM
Subject: CN=Root Agency
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template:
Cert Hash(sha1): fee449ee0e3965a5246f000e87fde2a065fd89d4
No key provider information
Cannot find the certificate and private key for decryption.

================ Certificate 1 ================
Serial Number: 46fcebbab4d02f0f926098233f93078f
Issuer: OU=Class 3 Public Primary Certification Authority, O=Veri...
 NotBefore: 4/16/1997 7:00 PM
 NotAfter: 10/24/2016 6:59 PM
Subject: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)...
Non-root Certificate
Template:
Cert Hash(sha1): d559a586669b08f46a30a133f8a9ed3d038e2ea8
No key provider information
Cannot find the certificate and private key for decryption.

================ Certificate 2 ================
...

================ CRL 0 ================
Issuer:
    OU=VeriSign Commercial Software Publishers CA
    O=VeriSign, Inc.
    L=Internet
CRL Hash(sha1): a377d1b1c0538833035211f4083d00fecc414dab
CertUtil: -store command completed successfully.

As you can see from the output, the command works successfully:

  • The "-store" option dumps the specified certificate from the specified certificate store.
  • 4 entries from the default "CA" certificate store at the default "Local Machine" store location are dumped to the output: 3 certificates and 1 CRL (Certificate Revocation List) entry.
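
To review a store from this output rather than read it by eye, the following added example (not part of the original FYIcenter answer) parses "certutil -store" text into entries and flags certificates that are expired or that certutil reports as a root ("Subject matches Issuer"). The names parse_store and audit are hypothetical, and the date parsing assumes the en-US format seen in the output above.

```python
import re
from datetime import datetime

# Excerpt of the output shown above, trimmed to the fields this check reads.
SAMPLE = """\
CA
================ Certificate 0 ================
 NotAfter: 12/31/2039 6:59 PM
Root Certificate: Subject matches Issuer
Cert Hash(sha1): fee449ee0e3965a5246f000e87fde2a065fd89d4

================ Certificate 1 ================
 NotAfter: 10/24/2016 6:59 PM
Non-root Certificate
Cert Hash(sha1): d559a586669b08f46a30a133f8a9ed3d038e2ea8

================ CRL 0 ================
CRL Hash(sha1): a377d1b1c0538833035211f4083d00fecc414dab
CertUtil: -store command completed successfully.
"""

HEADER = re.compile(r"^=+ (Certificate|CRL) (\d+) =+$")
# "Key: value" lines; the lookahead skips certutil's trailing status line.
FIELD = re.compile(r"^\s*(?!CertUtil)([^:]+): (.+)$")

def parse_store(text):
    """Split `certutil -store` text into one dict per Certificate/CRL entry."""
    entries = []
    for line in text.splitlines():
        head, field = HEADER.match(line), FIELD.match(line)
        if head:
            entries.append({"kind": head.group(1), "index": int(head.group(2))})
        elif field and entries:  # lines before the first header are ignored
            entries[-1][field.group(1)] = field.group(2).strip()
    return entries

def audit(entries, now):
    """Flag expired certificates and self-signed roots found in the dumped store."""
    findings = []
    for e in (e for e in entries if e["kind"] == "Certificate"):
        # Assumption: en-US date format, as in the output above; other locales differ.
        expires = datetime.strptime(e["NotAfter"], "%m/%d/%Y %I:%M %p")
        if expires < now:
            findings.append((e["Cert Hash(sha1)"], "expired"))
        if "Root Certificate" in e:
            findings.append((e["Cert Hash(sha1)"], "self-signed root"))
    return findings

if __name__ == "__main__":
    print(audit(parse_store(SAMPLE), datetime.now()))
```

On a live system, feed parse_store the captured text of "certutil -store" instead of SAMPLE.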

 


2013-02-26