Microsoft "certutil -verify" - Validate Expired Certificate
Can the Microsoft "certutil" tool validate an expired certificate and report the expired status?
✍: FYIcenter.com
Yes. If you validate an expired certificate with the Microsoft "certutil -verify file_name" command, you will see an expired certificate report as shown in this tutorial:
C:\fyicenter>\windows\system32\certutil -verify VeriSign.crt
Issuer:
    OU=Class 3 Public Primary Certification Authority
    O=VeriSign, Inc.
    C=US
Subject:
    OU=Class 3 Public Primary Certification Authority
    O=VeriSign, Inc.
    C=US
Cert Serial Number: e49efdf33ae80ecfa5113e19a4240232

dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
--------CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)

CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=1
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 1/7/2004 6:59 PM
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Serial: e49efdf33ae80ecfa5113e19a4240232
  4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
    Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email
    Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
    Application[2] = 1.3.6.1.5.5.7.3.3 Code Signing
    Application[3] = 1.3.6.1.5.5.7.3.1 Server Authentication

Exclude leaf cert:
  da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
Full chain:
  4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 1/7/2004 6:59 PM
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Serial: e49efdf33ae80ecfa5113e19a4240232
  4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495)
------------------------------------
Expired certificate
Cannot check leaf certificate revocation status
CertUtil: -verify command completed successfully.
As you can see from the output, the command works successfully:
2013-02-28, 9849👍, 0💬
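The output above ends with "CertUtil: -verify command completed successfully." even though the certificate is expired, so a script that consumes this output should read the dwErrorStatus and result-code lines rather than that last line. The Python sketch below is an added example, not part of the original tutorial; the function name assess, the returned field names and the US date format are assumptions, and the sample text is an excerpt of the output shown above.

```python
import re
from datetime import datetime

# Excerpt of the certutil -verify output shown above (other lines omitted).
SAMPLE = """\
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=1
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 1/7/2004 6:59 PM
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495)
Expired certificate
CertUtil: -verify command completed successfully.
"""

# Named trust errors on the chain, simple chain, or an individual element.
ERR_FLAG = re.compile(
    r"^\s*(?:ChainContext|SimpleChain|Element)\.dwErrorStatus = (\w+) \(0x[0-9a-f]+\)",
    re.M)
# Result code printed as "0x800b0101 (-2146762495)" at the end of a line.
HRESULT = re.compile(r"\b(0x[0-9a-f]{8}) \(-?\d+\)\s*$", re.M)
NOT_AFTER = re.compile(r"^\s*NotAfter: (.+)$", re.M)
DATE_FMT = "%m/%d/%Y %I:%M %p"  # assumption: US-style dates, as in the output above


def assess(output, now=None):
    """Summarise certutil -verify text without relying on its final status line."""
    now = now or datetime.now()
    flags = sorted({name for name in ERR_FLAG.findall(output)})
    hresults = sorted(set(HRESULT.findall(output)))
    not_after = [datetime.strptime(d.strip(), DATE_FMT)
                 for d in NOT_AFTER.findall(output)]
    return {
        # True only means certutil ran to completion, not that the cert is valid.
        "command_completed": "command completed successfully" in output,
        "error_flags": flags,
        "hresults": hresults,
        "earliest_not_after": min(not_after) if not_after else None,
        "time_valid": "CERT_TRUST_IS_NOT_TIME_VALID" not in flags,
        "expired": any(d < now for d in not_after),
        "no_errors_reported": not flags and not hresults,
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```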