Windows: certutil command line examples

Hi,

Windows has a builtin tool for dealing with x509 certificates, certificate stores and much more.

In my opinion the usage is not very intuitive.

Here are some useful examples

Show content of the ntauth store

PS D:\> certutil -store -enterprise ntauth

Import a pfx/pkcs12 key and certificate to the users store and set the “no export” and protecthigh (open the protect dialog to password protect the key) properties. The -p option is the pfx file password.

PS D:\> certutil -user -p ImportPW -importpfx "C:\Users\michael\Documents\myKeyCert.pfx" "NoExport,ProtectHigh"

Import a root certificate to the machines “trusted root certification authority” store. Possible options: -Enterprise (Company store) -user (only to the users store)

PS D:\> certutil -addstore root "C:\Users\michael\Documents\rootCA\CAcerts\ca.cer"

Import a intermediate certificate to the machines “intermediate certification authority” store.

PS D:\> certutil -addstore CA C:\Users\michael\Documents\intCAAuth\CAcerts\intermediatecaauth.cer

to be continued….

Michael

My Knowledgebase for things about Linux, Windows, VMware, Electronic and so on…

Michls Tech Blog

Windows: certutil command line examples

Leave a Reply Cancel reply

My Knowledgebase for things about Linux, Windows, VMware, Electronic and so on…