Download facebook.com Certificate for Microsoft "certutil" Test

Q

How to download the server certificate from Facebook.com Web site? I want to have a new certificate to play with Microsoft "certutil" commands.

✍: FYIcenter.com

A

The easiest way to download the server certificate from Web site is to visit the Web site with Firefox and use Firefox function to view and save the server certificate as shown in another tutorial: Export Web Site Server Certificate in Firefox 9

Follow the above tutorial and download the server certificate from https://www.facebook.com/ to a file called "facebook.pem".

Use the following Microsoft "certutil -verify" command to verify the downloaded certificate:

C:\fyicenter>\windows\system32\certutil -verify facebook.pem

Issuer:
    OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
    OU=VeriSign International Server CA - Class 3
    OU=VeriSign, Inc.
    O=VeriSign Trust Network
Subject:
    CN=*.facebook.com
    O=Facebook, Inc.
    L=Palo Alto
    S=California
    C=US
Cert Serial Number: 017f77deb3bcbb235d44ccc7dba62e72

...
--------CERT_CHAIN_CONTEXT --------
...
CertContext[0][0]: dwInfoStatus=104 dwErrorStatus=0
  Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,
OU=VeriSign International Server CA - Class 3,
OU="VeriSign, Inc.", O=VeriSign Trust Network
  NotBefore: 6/20/2012 7:00 PM
  NotAfter: 12/31/2013 6:59 PM
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Palo Alto, S=California,
  C=US
  Serial: 017f77deb3bcbb235d44ccc7dba62e72
  SubjectAltName: DNS Name=*.facebook.com, DNS Name=facebook.com
  ...

CertContext[0][1]: dwInfoStatus=104 dwErrorStatus=0
  Issuer: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  NotBefore: 4/16/1997 7:00 PM
  NotAfter: 10/24/2016 6:59 PM
  Subject: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,
OU=VeriSign International Server CA - Class 3,
OU="VeriSign, Inc.", O=VeriSign Trust Network
  Serial: 46fcebbab4d02f0f926098233f93078f
  ...

CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 8/1/2028 6:59 PM
  Subject: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Serial: 70bae41d10d92934b638ca7b03ccbabf
  ...

Exclude leaf cert:
  ab bb 6d fc 7b 19 83 91 21 3f c6 f6 43 89 2a 0d 95 5d f7 8d
Full chain:
  1b 13 b7 c3 ad f8 be 8f 77 8f 7b 62 29 bf c5 83 ef d3 f7 5c
------------------------------------
Verified Issuance Policies: None
Verified Application Policies:
    1.3.6.1.5.5.7.3.2 Client Authentication
    1.3.6.1.5.5.7.3.1 Server Authentication
Cert is an End Entity certificate
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.

As you can see from the output, the downloaded certificate from facebook.com is a valid certificate.

⇒ Microsoft "certutil" No local Certification Authority Error

⇐ List of Commands Supported in Microsoft CertUtil

⇑ Introduction to Microsoft "certutil" Commands

⇑⇑ Microsoft "certutil" - Certificate Management Tool

2017-04-05, ≈14🔥, 1💬

💬 2016-01-29 FYIcenter.com: @D Keetch, yes, we can provide more examples. But do you have a specific use case that needs some help?

💬 2016-01-25 D Keetch: one example is not enough to illustrate the usage

Microsoft "certutil -verify" Command Options
How can I use Microsoft "certutil -verify" command? What are command options supported by "certutil -verify"? The document says "Verify certificate, CRL or chain". Microsoft "certutil -verify" command can be used to verify (validate) certificate saved in a certificate file. Here are options supporte... 2013-03-04, ≈45🔥, 0💬

Microsoft "certutil -store" - Search Certificate by Serial Number
How to search and export a certificate from a certificate store into a certificate file with Microsoft "certutil" tool using the certificate's serial number? If you know the serial number of a certificate and in which certificate store, you can use the Microsoft "certutil -store storename serial_num... 2013-02-27, ≈38🔥, 0💬

Microsoft "certutil -delstore" Command Options
How can I use Microsoft "certutil -delstore" command? What are command options supported by "certutil -delstore"? The document says "Delete certificate from store". Microsoft "certutil -delstore" command can be used to delete a certificate from a certificate store on the local computer. Here are opt... 2013-03-05, ≈34🔥, 0💬

Microsoft "certutil -addstore -f -user publisher ..." - Create a Store
How to import a certificate from a certificate file into a new certificate store with Microsoft "certutil" tool? If you want to import a certificate from a certificate file into a new certificate store, you can use the Microsoft "certutil -addstore -f storename file_name" command as shown in this tu... 2013-03-05, ≈30🔥, 0💬

Microsoft "certutil -addstore -user my ..." - Import Certificate
How to import a certificate from a certificate file into a certificate store with Microsoft "certutil" tool? If you want to import a certificate from a certificate file into a certificate store, you can use the Microsoft "certutil -addstore storename file_name" command as shown in this tutorial: C:\... 2013-03-01, ≈19🔥, 0💬

Microsoft "certutil -verify" - Validate Expired Certificate
Can Microsoft "certutil" tool validates an expired certificates and reports the expired status? Yes. If you validate an expired certificate with the Microsoft "certutil -verify file_name" command, you will see an expired certificate report as shown in this tutorial: C:\fyicenter>\windows\s yst... 2013-02-28, ≈17🔥, 0💬

Microsoft "certutil -store CA 0 first.crt" - Export Certificate
How to export a certificate from a certificate store into a certificate file with Microsoft "certutil" tool? If you want to export a certificate from a certificate store into a certificate file, you can use the Microsoft "certutil -store storename certificate_index file_name" command as shown in thi... 2013-02-27, ≈17🔥, 0💬

Microsoft "certutil -addstore" Command Options
How can I use Microsoft "certutil -addstore" command? What are command options supported by "certutil -addstore"? The document says "Add certificate to store". Microsoft "certutil -addstore" command can be used to add, or import, certificate from a specified certificate file to a certificate store o... 2013-03-01, ≈16🔥, 0💬

Download facebook.com Certificate for Microsoft "certutil" Test
How to download the server certificate from Facebook.com Web site? I want to have a new certificate to play with Microsoft "certutil" commands. The easiest way to download the server certificate from Web site is to visit the Web site with Firefox and use Firefox function to view and save the server ... 2017-04-05, ≈14🔥, 1💬

💬 2014-05-14 prosper: thank you

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.