Microsoft "certutil -viewstore" Command Options

Q

How can I use Microsoft "certutil -viewstore" command? What are command options supported by "certutil -viewstore"? The document says "Dump certificate store".

✍: FYIcenter.com

A

Microsoft "certutil -viewstore" command can be used to view certificates from a certificate store in an pop-up window.

Here are options supported by the "certutil -viewstore" command:

C:\fyicenter>\windows\system32\certutil -viewstore -?
Usage:
  CertUtil [Options] -viewstore [CertificateStoreName [CertId [OutputFile]]]
  Dump certificate store
    CertificateStoreName -- Certificate store name. Examples:
      "My", "CA" (default), "Root",

      "ldap:///CN=Certification Authorities,CN=Public Key Services,
CN=Services,CN=Configuration,DC=...?cACertificate?one?objectClass=
certificationAuthority" (View Root Certificates)

      ...

    CertId -- Certificate or CRL match token. This can be 
      a serial number,
      an SHA-1 certificate, CRL, CTL or public key hash,
      a numeric cert index (0, 1, etc.),
      a numeric CRL index (.0, .1, etc.),
      a numeric CTL index (..0, ..1, etc.),
      a public key, signature or extension ObjectId,
      a certificate subject Common Name,
      an e-mail address, UPN or DNS name,
      a key container name or CSP name,
      a template name or ObjectId,
      an EKU or Application Policies ObjectId,
      or a CRL issuer Common Name.
      Many of the above may result in multiple matches.

    OutputFile -- file to save matching cert
    Use -user to access a user store instead of a machine store.
    Use -enterprise to access a machine enterprise store.
    Use -service to access a machine service store.
    Use -grouppolicy to access a machine group policy store.

    Examples:
    -enterprise NTAuth
    -enterprise Root 37
    -user My 26e0aaaf000000000004
    CA .11

Options:
  -f           -- Force overwrite
  -enterprise  -- Use local machine Enterprise registry certificate store
  -user        -- Use HKEY_CURRENT_USER keys or certificate store
  -GroupPolicy -- Use Group Policy certificate store
  -gmt         -- Display times as GMT
  -seconds     -- Display times with seconds and milliseconds
  -v           -- Verbose operation
  -privatekey  -- Display password and private key data
  -dc DCName   -- Target a specific Domain Controller

As you can see from the command help information, "certutil -viewstore" command is identical "certutil -store" command except that "certutil -viewstore" displays certificates to graphical pop-up window.

2013-04-26, 15734👍, 0💬