Super User Stack Exchange
Super User Stack Exchange

Questions tagged [certutil]

Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.

Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.

  • For basic command line syntax, run certutil -?
  • For the syntax on using certutil with a specific verb, run certutil <verb> -?
  • To send all of the certutil syntax into a text file, run the following commands:
    • certutil -v -? > certutilhelp.txt
    • notepad certutilhelp.txt

Resource (applies to: Windows Server 2012, Windows 8)

32 questions
5
votes
2 answers

Install a PKCS#12 Certificate into firefox from the command line

I am trying to use certutil to add a client certificate to the firefox db: The purpose of this certificate is to authenticate with a server - the server asks for credentials, this certificate contains the credentials. certutil -A -n "My Certificate"…
Derek Ekins
  • 762
  • 2
  • 9
  • 16
3
votes
2 answers

How to install CertUtil to Windows 7?

It seems that my version of Windows 7 (SP1, with PowerShell 4) lacks the certutil command. I tried to look for a way to add it manually but failed. Any ideas on how to do it? UPDATE Thanks to comments, I was able to locate the certutil.exe file in…
ahmed
  • 537
  • 2
  • 6
  • 17
3
votes
2 answers

Import self-signed certificate with private key on Windows from command prompt

Using inetmgr, I made a pfx file containing the public and private keys for a certificate. Now I'm trying to install the pfx into another machine from the command prompt with certutil -p -importpfx root Unfortunately,…
user1058410
  • 33
  • 1
  • 1
  • 3
3
votes
2 answers

Pipe output from DIR into CERTUTIL

In Win10, looking for way to pipe the output from a DIR command at the Command Prompt or in a Batch File to serve as input to the CERTUTIL command. IOW, I want to get the MD5 hash for all of the files matched by a DIR command. The following command…
Dee Wolf
  • 41
  • 1
  • 7
3
votes
2 answers

get the hash of a string and eventually compare it to a hash

I want to run a one-liner to enable me to get the hash of a string and eventually compare it to a hash I can just copy at the end of the command later. I'm confident I can figure out how to do the comparison once I figure out what is wrong with my…
John
3
votes
1 answer

Is it possible to encode a file with certutil without creating new file?

I'm encoding files with following command: certutil -encode inputFileName encodedOutputFileName However, this creates a new file on the system. Is it possible to print encoded data on command line and not write to a new file?
kalsanam99
  • 31
  • 1
  • 2
2
votes
0 answers

certmgr.exe does not work expectedly in command line mode?

I'm trying to run the MSDN's sample about WCF basic message security using Certificate. In the setup.bat file, there is this line of command: certmgr.exe -add -r LocalMachine -s My -c -n %SERVER_NAME% -r CurrentUser -s TrustedPeople When running…
Hopeless
  • 263
  • 1
  • 6
  • 15
2
votes
2 answers

Removing one of two certificates with equal nicknames

I have two certificates installed: kirrun@kirNote ~ [1197]% certutil -d sql:/home/kirrun/.pki/nssdb -L Certificate Nickname Trust Attributes …
kirelagin
  • 2,832
  • 2
  • 17
  • 22
2
votes
3 answers

Installing/deleting root certificate without CertMgr / CertUtil asking the end-user for confirmation

When you install or delete a root CA certificate using the commandline tools CertUtil.exe or CertMgr.exe, Windows asks the user for confirmation using a MessageBox (for certificates other than root CA ones, this question is not asked), even for the…
Jeroen Wiert Pluimers
  • 2,853
  • 10
  • 41
  • 55
2
votes
1 answer

Using CertUtil MergePfx with password as a parameter

I'm trying to script generation of a single pfx certificate, from one key and one pem file. The following command in Powershell will generate a .pfx as expected: CertUtil -MergePFX $srcPemPath $outPfxPath But it prompts me to manually enter the…
Ian Ferguson
  • 21
  • 1
  • 3
2
votes
1 answer

Paginate results of certutil -view

I'm using the following command to get a list of issued certificates in a Windows Server machine with Active Directory Certificate Services (ADCS) installed. certutil -restrict 'Disposition=20' -out 'Binary Certificate' -view It's all working fine…
James
  • 661
  • 3
  • 8
  • 20
2
votes
1 answer

CertUtil: ERROR_INVALID_ACL (0x80070538) exception when trying to install root certificate on Windows

I have a program that installs a certificate to Trusted Root (with user's consent). However, some of the users are unable to use my software due to an exception that occures whenever a command to add a certificate is executed. It happens both when…
alexalok
  • 23
  • 4
1
vote
1 answer

How to use certutil -exportPFX to export certificates from "Certifiate Enrollment Requests" store?

I have Windows Server 2008. I am trying to write a script to export my certificate request private keys. I wanted to use the powershell cmdlet Export-PfxCertificate to export my certificate request's private keys, but it seems that cmdlet is missing…
Charlweed
  • 255
  • 1
  • 3
  • 9
1
vote
2 answers

How to automatically compare current windows root certificate store against latest root certificates?

I do have a provider that complains the trusted root certificates on our several windows server systems (2008, 2012, 2016, 2019) are outdated. I was not able to prove the opposite. For sure "Turn off Automatic Certificate Update" is not configured…
I grok it
  • 51
  • 1
  • 7
1
vote
1 answer

How to use certutil.exe -MergePFX without a password?

I'm automating a process and have that constraint that I can only use Windows Server (2012 is the base, but I'm not sure if a 2008 will show up somewhere) native tools. I need to get a key pair (certificate.pem and certificate_key.pem) and transform…
Tonon
  • 11
  • 3
1
2 3