How to search and export a certificate from a certificate store into a certificate file with Microsoft "certutil" tool using the certificate's serial number?

If you know the serial number of a certificate and in which certificate store, you can use the Microsoft "certutil -store storename serial_number file_name" command to export it to a certificate file as shown in this tutorial:

C:\fyicenter>\windows\system32\certutil -store AuthRoot
   e49efdf33ae80ecfa5113e19a4240232 VeriSign.crt

AuthRoot
================ Certificate 19 ================
Serial Number: e49efdf33ae80ecfa5113e19a4240232
Issuer: OU=Class 3 Public Primary Certification Authority, O=VeriSign, Inc.,
C=US
 NotBefore: 1/28/1996 7:00 PM
 NotAfter: 1/7/2004 6:59 PM
Subject: OU=Class 3 Public Primary Certification Authority, O=VeriSign, Inc.,
C=US
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template:
Cert Hash(sha1): 4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
No key provider information
Cannot find the certificate and private key for decryption.
CertUtil: -store command completed successfully.

As you can see from the output, the command works successfully:

• The certificate entry in the "AuthRoot" certificate store at the "Local Machine" store location is exported to the file "VeriSign.crt".
• "AuthRoot" option specifies the certificate store name in the "Local Machine" store location.
• "-store" option indicates a specified certificate in the specified certificate store to be dumped.
• "e49efdf33ae80ecfa5113e19a4240232" option specifies the serial number of the certificate to be dumped.
• "VeriSign.crt" option specifies the name of the certificate file where the specified certificate to be dumped to.

⇒ Microsoft "certutil -store CA 0 first.crt" - Export Certificate

⇐ Microsoft "certutil -store" Command Default Options

⇑ Microsoft "certutil" Commands on Certificate Stores

⇑⇑ Microsoft "certutil" - Certificate Management Tool