Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (71)
EC Keys (2157)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6123)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5000)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
Microsoft "certutil -verify" - Validate Expired Certificate
Can Microsoft "certutil" tool validates an expired certificates and reports the expired status?
✍: FYIcenter.com
Yes. If you validate an expired certificate with the Microsoft "certutil -verify file_name" command,
you will see an expired certificate report as shown in this tutorial:
C:\fyicenter>\windows\system32\certutil -verify VeriSign.crt Issuer: OU=Class 3 Public Primary Certification Authority O=VeriSign, Inc. C=US Subject: OU=Class 3 Public Primary Certification Authority O=VeriSign, Inc. C=US Cert Serial Number: e49efdf33ae80ecfa5113e19a4240232 dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) HCCE_LOCAL_MACHINE CERT_CHAIN_POLICY_BASE --------CERT_CHAIN_CONTEXT -------- ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=1 Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US NotBefore: 1/28/1996 7:00 PM NotAfter: 1/7/2004 6:59 PM Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Serial: e49efdf33ae80ecfa5113e19a4240232 4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4 Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4) Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication Application[2] = 1.3.6.1.5.5.7.3.3 Code Signing Application[3] = 1.3.6.1.5.5.7.3.1 Server Authentication Exclude leaf cert: da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09 Full chain: 4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4 Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US NotBefore: 1/28/1996 7:00 PM NotAfter: 1/7/2004 6:59 PM Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Serial: e49efdf33ae80ecfa5113e19a4240232 4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4 A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495) ------------------------------------ Expired certificate Cannot check leaf certificate revocation status CertUtil: -verify command completed successfully.
As you can see from the output, the command works successfully:
⇒ Microsoft "certutil -encode" Command Options
⇐ Microsoft "certutil -verify first.crt" - Validate Certificate
2013-02-28, 15499👍, 0💬
Popular Posts:
Certificate Summary: Subject: www.amazon.cn Issuer: VeriSign Class 3 Secure Server CA - G3 Expiratio...
Certificate summary - Owner: *.4shared.com, Domain Control Validated Issuer: SERIALNUMBER=07969287, ...
Certificate summary - Owner: *.indeed.com, Domain Control Validated, *.indeed.com Issuer: SERIALNUMB...
What is getacert.com? Can I use it to generate a PKI certificate? Is it free? getaCert is a free ser...
Certificate Summary: Subject: GeoTrust Primary Certification Authority - G2 Issuer: GeoTrust Primary...