Microsoft "certutil -verify" - Validate Expired Certificate
Can the Microsoft "certutil" tool validate an expired certificate and report the expired status?
✍: FYIcenter.com
Yes. If you validate an expired certificate with the Microsoft "certutil -verify file_name" command, you will see an expired certificate report as shown in this tutorial:
C:\fyicenter>\windows\system32\certutil -verify VeriSign.crt
Issuer:
    OU=Class 3 Public Primary Certification Authority
    O=VeriSign, Inc.
    C=US
Subject:
    OU=Class 3 Public Primary Certification Authority
    O=VeriSign, Inc.
    C=US
Cert Serial Number: e49efdf33ae80ecfa5113e19a4240232

dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
--------CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)

CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=1
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 1/7/2004 6:59 PM
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Serial: e49efdf33ae80ecfa5113e19a4240232
  4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
    Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email
    Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
    Application[2] = 1.3.6.1.5.5.7.3.3 Code Signing
    Application[3] = 1.3.6.1.5.5.7.3.1 Server Authentication

Exclude leaf cert:
  da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
Full chain:
  4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 1/7/2004 6:59 PM
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Serial: e49efdf33ae80ecfa5113e19a4240232
  4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495)
------------------------------------
Expired certificate
Cannot check leaf certificate revocation status
CertUtil: -verify command completed successfully.
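As you can see from the output, the command works successfully and reports the certificate as expired: the chain and element error status is CERT_TRUST_IS_NOT_TIME_VALID (0x1), and the summary reads "Expired certificate" with error code 0x800b0101. The final line, "CertUtil: -verify command completed successfully.", means that the command itself ran to completion, not that the certificate is valid.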
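Because the last line reads "completed successfully" even for an expired certificate, a script that consumes this output should decide from the dwErrorStatus values and the error code instead. The following Python code is an added example, not part of the original tutorial or of Microsoft's tooling; the function names are hypothetical, the CERT_TRUST_* bit values are the ones defined in wincrypt.h, and it assumes the English output format shown above.

```python
import re

# CERT_TRUST_* error bits as defined in wincrypt.h (subset).
CERT_TRUST_ERRORS = {
    0x00000001: "CERT_TRUST_IS_NOT_TIME_VALID",
    0x00000004: "CERT_TRUST_IS_REVOKED",
    0x00000008: "CERT_TRUST_IS_NOT_SIGNATURE_VALID",
    0x00000010: "CERT_TRUST_IS_NOT_VALID_FOR_USAGE",
    0x00000020: "CERT_TRUST_IS_UNTRUSTED_ROOT",
    0x00000040: "CERT_TRUST_REVOCATION_STATUS_UNKNOWN",
    0x00010000: "CERT_TRUST_IS_PARTIAL_CHAIN",
    0x01000000: "CERT_TRUST_IS_OFFLINE_REVOCATION",
}
# "CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=1" (status values are hex).
CERT_CONTEXT = re.compile(
    r"CertContext\[(\d+)\]\[(\d+)\]: dwInfoStatus=[0-9a-f]+ dwErrorStatus=([0-9a-f]+)", re.I)
# Assumption: a failure HRESULT is printed as "0x800b0101 (-2146762495)".
HRESULT = re.compile(r"(0x[0-9a-f]{8}) \(-\d+\)", re.I)

def decode_error_status(mask):
    """Expand a dwErrorStatus bitmask into CERT_TRUST_* names."""
    names = [name for bit, name in sorted(CERT_TRUST_ERRORS.items()) if mask & bit]
    unknown = mask & ~sum(CERT_TRUST_ERRORS)
    if unknown:
        names.append(f"UNKNOWN_BITS_0x{unknown:x}")
    return names

def assess_verify_output(text):
    """Judge the chain from its status fields, ignoring the 'completed successfully' line."""
    elements = [
        {"chain": int(c), "index": int(i), "errors": decode_error_status(int(err, 16))}
        for c, i, err in CERT_CONTEXT.findall(text)]
    hresults = [h.lower() for h in HRESULT.findall(text)]
    failed = bool(hresults) or any(e["errors"] for e in elements)
    # No CertContext element at all means nothing was validated: not trusted.
    return {"trusted": bool(elements) and not failed,
            "elements": elements, "hresults": hresults}

# Abridged from the certutil output on this page.
SAMPLE = """\
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=1
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495)
Expired certificate
CertUtil: -verify command completed successfully.
"""

if __name__ == "__main__":
    print(assess_verify_output(SAMPLE))
```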
2013-02-28