2

I'm using the following command to get a list of issued certificates in a Windows Server machine with Active Directory Certificate Services (ADCS) installed.

certutil -restrict 'Disposition=20' -out 'Binary Certificate' -view

It's all working fine and I get a list of X509 strings. Now, I want the same results, but with some type of pagination, so I can get a specific number of issued certificates for each call of this comand.

I didn't found anything in the man page for certuitl, but I'm able to use other tools to get it done, even if some Powershell utility is needed.

Just for clarification, I'm using this command through a script that calls it over WinRM connection, so I need to solve it programmatically.

Currently, when I use the command I got a long string with all isued certificates. For example, if I have 3 issued certificates the output of this command will be:

Row 1:
  Binary Certificate:
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIRALL+P2asRHyfAgAAAAB9mgMwDQYJKoZIhvcNAQELBQAw
QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDEwMDYwNjQxMjBaFw0yMDEyMjkwNjQx
MjBaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53
d3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGp8Sp01kEsr
Gz98cyb/Kt+xvLJzsqGgIAOXjdHfjOzOUJTiMJIB/NIpQnDvNZ9L3qF3Zl2ecyFY
ZoI5LMyTrImjggJcMIICWDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUXXztHYUOkjN796BgKuPdcGaL
iVswHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzFjb3Jl
MCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MBkG
A1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwG
CisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29v
Zy9HVFMxTzFjb3JlLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ALIeBcyL
os2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABdPzbivQAAAQDAEcwRQIgdhDC
6bAIuOvy8noeZWMbiudTQpTGD1Wkx4yeSSf1aiMCIQC2HHLZRGjNa043bqXSunpm
BadlxXX2pTa4GaLYAxvk9wB2AOcS8rA3fhpi+47JDGGE8ep7N8tWHREmW/Pg80vy
QVRuAAABdPzbivcAAAQDAEcwRQIgSq5jcykP0BrVPo/51u9PIdC63A5l/vFcUsj2
r5Ro4S8CIQDHff9rJmMTsXLviBW+/zAy1gWBKbqqdnNh/pXixUGtgTANBgkqhkiG
9w0BAQsFAAOCAQEAZXv8x/2Z/+1vAyuwVtx3Euw+pDfPF3UNuFJ64NzdYw8+xLK5
W31ILMOpQII1ERfkU2IxmoQlVpVBYNNMkBnMPNMSBzzlQNAxxL8Ze5JKE5sOkb/8
FoqAwWQYNERcUJ1u3y2viiR7chBLGElo7yXMJgx1so9HD8NVR3rEA9oScBVW5udV
Cjg0b0RCOKFU8e+xoaKX7/OeNddrwoVZnRmwvUddbx2rqU8TZdvJMAQaecot8bty
TVPk+4gxuNxIZSLufY7uDh/qZYNSc2/pSfyyM8CKO54Uq8VqVVb5tGmSXLWRbtBY
pM8zLEwTp1yoOFB3P5GCrZX63/USA8COaE32Ow==
-----END CERTIFICATE-----


Row 2:
  Binary Certificate:
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIRALL+P2asRHyfAgAAAAB9mgMwDQYJKoZIhvcNAQELBQAw
QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDEwMDYwNjQxMjBaFw0yMDEyMjkwNjQx
MjBaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53
d3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGp8Sp01kEsr
Gz98cyb/Kt+xvLJzsqGgIAOXjdHfjOzOUJTiMJIB/NIpQnDvNZ9L3qF3Zl2ecyFY
ZoI5LMyTrImjggJcMIICWDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUXXztHYUOkjN796BgKuPdcGaL
iVswHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzFjb3Jl
MCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MBkG
A1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwG
CisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29v
Zy9HVFMxTzFjb3JlLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ALIeBcyL
os2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABdPzbivQAAAQDAEcwRQIgdhDC
6bAIuOvy8noeZWMbiudTQpTGD1Wkx4yeSSf1aiMCIQC2HHLZRGjNa043bqXSunpm
BadlxXX2pTa4GaLYAxvk9wB2AOcS8rA3fhpi+47JDGGE8ep7N8tWHREmW/Pg80vy
QVRuAAABdPzbivcAAAQDAEcwRQIgSq5jcykP0BrVPo/51u9PIdC63A5l/vFcUsj2
r5Ro4S8CIQDHff9rJmMTsXLviBW+/zAy1gWBKbqqdnNh/pXixUGtgTANBgkqhkiG
9w0BAQsFAAOCAQEAZXv8x/2Z/+1vAyuwVtx3Euw+pDfPF3UNuFJ64NzdYw8+xLK5
W31ILMOpQII1ERfkU2IxmoQlVpVBYNNMkBnMPNMSBzzlQNAxxL8Ze5JKE5sOkb/8
FoqAwWQYNERcUJ1u3y2viiR7chBLGElo7yXMJgx1so9HD8NVR3rEA9oScBVW5udV
Cjg0b0RCOKFU8e+xoaKX7/OeNddrwoVZnRmwvUddbx2rqU8TZdvJMAQaecot8bty
TVPk+4gxuNxIZSLufY7uDh/qZYNSc2/pSfyyM8CKO54Uq8VqVVb5tGmSXLWRbtBY
pM8zLEwTp1yoOFB3P5GCrZX63/USA8COaE32Ow==
-----END CERTIFICATE-----


Row 3:
  Binary Certificate:
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIRALL+P2asRHyfAgAAAAB9mgMwDQYJKoZIhvcNAQELBQAw
QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDEwMDYwNjQxMjBaFw0yMDEyMjkwNjQx
MjBaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw53
d3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGp8Sp01kEsr
Gz98cyb/Kt+xvLJzsqGgIAOXjdHfjOzOUJTiMJIB/NIpQnDvNZ9L3qF3Zl2ecyFY
ZoI5LMyTrImjggJcMIICWDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUXXztHYUOkjN796BgKuPdcGaL
iVswHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzFjb3Jl
MCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MBkG
A1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwG
CisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29v
Zy9HVFMxTzFjb3JlLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ALIeBcyL
os2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABdPzbivQAAAQDAEcwRQIgdhDC
6bAIuOvy8noeZWMbiudTQpTGD1Wkx4yeSSf1aiMCIQC2HHLZRGjNa043bqXSunpm
BadlxXX2pTa4GaLYAxvk9wB2AOcS8rA3fhpi+47JDGGE8ep7N8tWHREmW/Pg80vy
QVRuAAABdPzbivcAAAQDAEcwRQIgSq5jcykP0BrVPo/51u9PIdC63A5l/vFcUsj2
r5Ro4S8CIQDHff9rJmMTsXLviBW+/zAy1gWBKbqqdnNh/pXixUGtgTANBgkqhkiG
9w0BAQsFAAOCAQEAZXv8x/2Z/+1vAyuwVtx3Euw+pDfPF3UNuFJ64NzdYw8+xLK5
W31ILMOpQII1ERfkU2IxmoQlVpVBYNNMkBnMPNMSBzzlQNAxxL8Ze5JKE5sOkb/8
FoqAwWQYNERcUJ1u3y2viiR7chBLGElo7yXMJgx1so9HD8NVR3rEA9oScBVW5udV
Cjg0b0RCOKFU8e+xoaKX7/OeNddrwoVZnRmwvUddbx2rqU8TZdvJMAQaecot8bty
TVPk+4gxuNxIZSLufY7uDh/qZYNSc2/pSfyyM8CKO54Uq8VqVVb5tGmSXLWRbtBY
pM8zLEwTp1yoOFB3P5GCrZX63/USA8COaE32Ow==
-----END CERTIFICATE-----

For this example, I repeated the same certificate 3 times, but the a real result will bring 3 differente certificates

What I want is something like : certutil -restrict 'Disposition=20' -out 'Binary Certificate' -view -page 1 -pagesize 2 (This command does not exists) that will bring exactly same info, but just with 2 certificates and then use the same command with -page 2 that will bring the last one.

Is it possible?

Info:

  • Windows Server 2016 (The ideal solution should work with older versions too)
  • Powershell 5.1
Improve this question
0

1 Answer 1

Reset to default
1

The easiest way is to pipe Out-Host -Paging. This will let you advance with space bar one page at a time.

certutil -restrict 'Disposition=20' -out 'Binary Certificate' -view | Out-Host -Paging

You can also count the results of this command:

$f = certutil -restrict 'Disposition=20' -out 'Binary Certificate' -view | Select-Object Name | Measure
$f.Count
Improve this answer
5
  • Thanks. Are there any way to do it programmatically? I forgot to mention in my question that I'm doing it through a script. I'll update my question with this information.
    – James
    Commented Nov 3, 2020 at 17:36
  • 1
    Can you explain exactly what you expect to be returned?
    – Narzard
    Commented Nov 3, 2020 at 17:58
  • I'll try to improve my question with the exactly behaviour that I expect, but basically I want some way to get a specific number of issued certificates each time I use the command using some type of pagination.
    – James
    Commented Nov 3, 2020 at 18:10
  • 1
    So you can pipe select -first 10 or select -last 10 to get only the first 10 items or last 10, etc. What you could also do is make that a variable, get all the results and divide by how many pages you want. IE. there are 12 results when you count all and you want 4 pages of 3 certs each, you can divide the result of count (12) by page (4) to get a result size of 3 objects per page. Then, you can run the command multiple times with |select 1..3 then |select 4..6 then |select 7..9 etc to return the resultset you want.
    – Narzard
    Commented Nov 3, 2020 at 19:28
  • The problem with this approach is that, since the output of certutil is a raw text, I need to know some info before parse it using select right (I need to know how many certificates I have before use it)? However, due to the lack of something native or built-in with certutil, this is the best option. if you edit your question to include it as an anwer, I'll accept it. Thanks for the help!
    – James
    Commented Nov 4, 2020 at 15:04

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .