Microsoft "certutil -store" - Search Certificate by Serial Number


How to search and export a certificate from a certificate store into a certificate file with Microsoft "certutil" tool using the certificate's serial number?



If you know the serial number of a certificate and in which certificate store, you can use the Microsoft "certutil -store storename serial_number file_name" command to export it to a certificate file as shown in this tutorial:

C:\fyicenter>\windows\system32\certutil -store AuthRoot
   e49efdf33ae80ecfa5113e19a4240232 VeriSign.crt

================ Certificate 19 ================
Serial Number: e49efdf33ae80ecfa5113e19a4240232
Issuer: OU=Class 3 Public Primary Certification Authority, O=VeriSign, Inc.,
 NotBefore: 1/28/1996 7:00 PM
 NotAfter: 1/7/2004 6:59 PM
Subject: OU=Class 3 Public Primary Certification Authority, O=VeriSign, Inc.,
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
No key provider information
Cannot find the certificate and private key for decryption.
CertUtil: -store command completed successfully.

As you can see from the output, the command works successfully:

  • The certificate entry in the "AuthRoot" certificate store at the "Local Machine" store location is exported to the file "VeriSign.crt".
  • "AuthRoot" option specifies the certificate store name in the "Local Machine" store location.
  • "-store" option indicates a specified certificate in the specified certificate store to be dumped.
  • "e49efdf33ae80ecfa5113e19a4240232" option specifies the serial number of the certificate to be dumped.
  • "VeriSign.crt" option specifies the name of the certificate file where the specified certificate to be dumped to.


Microsoft "certutil -store CA 0 first.crt" - Export Certificate

Microsoft "certutil -store" Command Default Options

Microsoft "certutil" Commands on Certificate Stores

⇑⇑ Microsoft "certutil" - Certificate Management Tool

2013-02-27, 35430🔥, 0💬