Microsoft "certutil -store" - Search Certificate by Serial Number

Q

How to search and export a certificate from a certificate store into a certificate file with Microsoft "certutil" tool using the certificate's serial number?

✍: FYIcenter.com

A

If you know the serial number of a certificate and in which certificate store, you can use the Microsoft "certutil -store storename serial_number file_name" command to export it to a certificate file as shown in this tutorial:

C:\fyicenter>\windows\system32\certutil -store AuthRoot 
   e49efdf33ae80ecfa5113e19a4240232 VeriSign.crt
 
AuthRoot
================ Certificate 19 ================
Serial Number: e49efdf33ae80ecfa5113e19a4240232
Issuer: OU=Class 3 Public Primary Certification Authority, O=VeriSign, Inc., 
C=US
 NotBefore: 1/28/1996 7:00 PM
 NotAfter: 1/7/2004 6:59 PM
Subject: OU=Class 3 Public Primary Certification Authority, O=VeriSign, Inc.,
C=US
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template:
Cert Hash(sha1): 4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
No key provider information
Cannot find the certificate and private key for decryption.
CertUtil: -store command completed successfully.

As you can see from the output, the command works successfully:

  • The certificate entry in the "AuthRoot" certificate store at the "Local Machine" store location is exported to the file "VeriSign.crt".
  • "AuthRoot" option specifies the certificate store name in the "Local Machine" store location.
  • "-store" option indicates a specified certificate in the specified certificate store to be dumped.
  • "e49efdf33ae80ecfa5113e19a4240232" option specifies the serial number of the certificate to be dumped.
  • "VeriSign.crt" option specifies the name of the certificate file where the specified certificate to be dumped to.

2013-02-27, 10597👍, 0💬