Windows: certutil command line examples

Hi,

Windows has a builtin tool for dealing with x509 certificates, certificate stores and much more.

In my opinion the usage is not very intuitive.

Here are some useful examples

Show content of the ntauth store

PS D:\> certutil -store -enterprise ntauth

Import a pfx/pkcs12 key and certificate to the users store and set the “no export” and protecthigh (open the protect dialog to password protect the key) properties. The -p option is the pfx file password.

PS D:\> certutil -user -p ImportPW -importpfx "C:\Users\michael\Documents\myKeyCert.pfx" "NoExport,ProtectHigh"

Import a root certificate to the machines “trusted root certification authority” store. Possible options: -Enterprise (Company store) -user (only to the users store)

PS D:\> certutil -addstore root "C:\Users\michael\Documents\rootCA\CAcerts\ca.cer"

Import a intermediate certificate to the machines “intermediate certification authority” store.

PS D:\> certutil -addstore CA C:\Users\michael\Documents\intCAAuth\CAcerts\intermediatecaauth.cer

Create pfx/pkcs12 file from key and certificate
Give key and cert the same basename, eg. mycert and the key the extension.key and the certifcate .cer

mycert.key
mycert.cer
PS D:\> certutil -mergepfx mycert.cer mycert.pfx

to be continued….

Michael

Leave a Reply Cancel reply