Microsoft "certutil -verify" Command Options


How can I use Microsoft "certutil -verify" command? What are command options supported by "certutil -verify"? The document says "Verify certificate, CRL or chain".



Microsoft "certutil -verify" command can be used to verify (validate) certificate saved in a certificate file.

Here are options supported by the "certutil -verify" command:

C:\fyicenter>\windows\system32\certutil -verify -?

  CertUtil [Options] -verify CertFile 
           [ApplicationPolicyList | - [IssuancePolicyList]]

  CertUtil [Options] -verify CertFile [CACertFile [CrossedCACertFile]]

  CertUtil [Options] -verify CRLFile CACertFile [IssuedCertFile]

  CertUtil [Options] -verify CRLFile CACertFile [DeltaCRLFile]

  Verify certificate, CRL or chain
    CertFile -- Certificate to verify
    ApplicationPolicyList -- optional comma separated list of required
            Application Policy ObjectIds
    IssuancePolicyList -- optional comma separated list of required 
            Issuance Policy ObjectIds
    CACertFile -- optional issuing CA certificate to verify against
    CrossedCACertFile -- optional certificate cross-certified by CertFile
    CRLFile -- CRL to verify
    IssuedCertFile -- optional issued certificate covered by CRLFile
    DeltaCRLFile -- optional delta CRL

    If ApplicationPolicyList is specified, chain building is restricted to
            chains valid for the specified Application Policies.
    If IssuancePolicyList is specified, chain building is restricted to chains
            valid for the specified Issuance Policies.
    If CACertFile is specified, fields in CACertFile are verified against
            CertFile or CRLFile.
    If CACertFile is not specified, CertFile is used to build and verify a full
    If CACertFile and CrossedCACertFile are both specified, fields in
            CACertFile and CrossedCACertFile are verified against CertFile.
   If IssuedCertFile is specified, fields in IssuedCertFile are verified
            against CRLFile.
    If DeltaCRLFile is specified, fields in DeltaCRLFile are verified against

  -f          -- Force overwrite
  -enterprise -- Use local machine Enterprise registry certificate store
  -user       -- Use HKEY_CURRENT_USER keys or certificate store
  -gmt        -- Display times as GMT
  -seconds    -- Display times with seconds and milliseconds
  -silent     -- Use silent flag to acquire crypt context
  -split      -- Split embedded ASN.1 elements, and save to files
  -v          -- Verbose operation
  -privatekey -- Display password and private key data
  -urlfetch   -- Retrieve and verify AIA Certs and CDP CRLs
  -t Timeout  -- URL fetch timeout in milliseconds

CertUtil -?         -- Display a verb list (command list)
CertUtil -verify -? -- Display help text for the "verify" verb
CertUtil -v -?      -- Display all help text for all verbs

2013-03-04, 11187👍, 0💬