Microsoft "certutil -verify" - Validate Expired Certificate
Can the Microsoft "certutil" tool validate an expired certificate and report the expired status?
✍: FYIcenter.com
Yes. If you validate an expired certificate with the Microsoft "certutil -verify file_name" command,
you will see an expired certificate report as shown in this tutorial:
C:\fyicenter>\windows\system32\certutil -verify VeriSign.crt
Issuer:
    OU=Class 3 Public Primary Certification Authority
    O=VeriSign, Inc.
    C=US
Subject:
    OU=Class 3 Public Primary Certification Authority
    O=VeriSign, Inc.
    C=US
Cert Serial Number: e49efdf33ae80ecfa5113e19a4240232

dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
--------CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)

CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=1
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 1/7/2004 6:59 PM
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Serial: e49efdf33ae80ecfa5113e19a4240232
  4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
    Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email
    Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
    Application[2] = 1.3.6.1.5.5.7.3.3 Code Signing
    Application[3] = 1.3.6.1.5.5.7.3.1 Server Authentication

Exclude leaf cert:
  da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
Full chain:
  4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 1/7/2004 6:59 PM
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Serial: e49efdf33ae80ecfa5113e19a4240232
  4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495)
------------------------------------
Expired certificate
Cannot check leaf certificate revocation status
CertUtil: -verify command completed successfully.
As you can see from the output, the command works successfully:
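The output above ends with "completed successfully" even though the chain carries CERT_TRUST_IS_NOT_TIME_VALID and error 0x800b0101, so a script that checks certificates should read the status fields rather than the last line. The following Python parser is an added example, not part of the original tutorial; the function names are hypothetical, and it assumes US-style dates and one flag per dwErrorStatus line, as in the output shown here.

```python
import re
from datetime import datetime

# Constructed sample: a few lines excerpted from the certutil -verify output above.
SAMPLE = """\
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=1
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 1/7/2004 6:59 PM
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495)
Expired certificate
CertUtil: -verify command completed successfully.
"""

CERT_TRUST_IS_NOT_TIME_VALID = 0x1  # bit value as printed in the output above

def parse_verify(text):
    """Summarise certutil -verify output without trusting its last line."""
    # Each error flag is printed on its own line, so OR them together.
    # Assumption: no ChainContext.dwErrorStatus line means no chain errors.
    chain_error = 0
    for bits in re.findall(r"^\s*ChainContext\.dwErrorStatus = \w+ \((0x[0-9a-fA-F]+)\)", text, re.M):
        chain_error |= int(bits, 16)
    # Assumption: US-style dates as in this page's output; other locales differ.
    not_after = [datetime.strptime(d, "%m/%d/%Y %I:%M %p")
                 for d in re.findall(r"NotAfter: (\d+/\d+/\d+ \d+:\d+ [AP]M)", text)]
    hresult = re.search(r"\b(0x[0-9a-fA-F]{8}) \(-?\d+\)", text)
    return {
        "chain_error": chain_error,
        "time_invalid": bool(chain_error & CERT_TRUST_IS_NOT_TIME_VALID),
        "earliest_not_after": min(not_after) if not_after else None,
        "hresult": int(hresult.group(1), 16) if hresult else 0,
        "command_completed": "command completed successfully" in text,
    }

def no_errors_reported(text):
    """True only when the output shows no chain error bits and no error code."""
    r = parse_verify(text)
    return r["chain_error"] == 0 and r["hresult"] == 0

if __name__ == "__main__":
    print(parse_verify(SAMPLE))
    print("no errors reported:", no_errors_reported(SAMPLE))
```

To check a real certificate, capture the text printed by "certutil -verify file_name" and pass it to parse_verify in place of SAMPLE.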
2013-02-28, 12024👍, 0💬