Questions tagged [certutil]
Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
34
questions
1
vote
1
answer
63
views
Trying to create a .crt and .key for apache using certutil/certreq end up with empty files
I have this cert_functions.ps1 file
$ErrorActionPreference = "Stop"
$PSDefaultParameterValues['*:ErrorAction']='Stop'
function New-WorkstationCertificateRequestConfiguration {
param(
...
0
votes
0
answers
515
views
Windows certutil exports with empty password but openssl pkcs12 fails
Here are the commands I follow to create a certificate and accept it usin Windows Server's CA Server.
certreq -new -f -q $answerFile.FullName $requestFile.FullName
certreq -submit -f -q -config $...
0
votes
1
answer
271
views
Using certutil certificate in apache, missing key
$ConfigContent = @"
; Request.inf
[Version]
Signature="`$Windows NT$"
[NewRequest]
Subject = "CN=$CN,C=ES,ST=Barcelona,L=Barcelona,O=$O"
KeySpec = 1
KeyLength = 2048
...
0
votes
0
answers
565
views
Unable to decrypt EFS files after changing user credentials in Win 10
I had encrypted some files and folders in my local user account in Windows 10.
I changed the username and password of that local user account and also the administrator account.
After that, I was ...
2
votes
2
answers
2k
views
How to automatically compare current windows root certificate store against latest root certificates?
I do have a provider that complains the trusted root certificates on our several windows server systems (2008, 2012, 2016, 2019) are outdated.
I was not able to prove the opposite. For sure "Turn ...
0
votes
1
answer
406
views
Generated SSL certificate doesn't work in Personal > Certificates, only if it's also in Trusted Root Certificate Authorities > Certificates
I'm trying to install an SSL certificate automatically with certutil, and I've done this successfully with the following command:
certutil -addstore -user -f "My" "$CERT_FILE_CERT"
...
0
votes
1
answer
4k
views
How to install certutil on Centos?
I am trying to get libreswan VPN running on my centos system but I seem to be missing the certutil package
/usr/local/sbin/ipsec: line 394: certutil: command not found
However I have been looking ...
0
votes
4
answers
595
views
Are these strings the correct output to verify keys for file checksum?
I'm trying to verify the integrity of the files before installing a downloaded copy of Netbeans from the Apache.org site, per their suggestion. I'm not having luck verifying I am using the tools ...
0
votes
1
answer
724
views
Trying to revoke locally-generated certificate : No local CA error
For some automated tests on my project, I need to revoke a certificate which has been generated locally by makecert.exe.
First, I generate a signer certificate and associated CRL using the following ...
3
votes
1
answer
7k
views
Using CertUtil MergePfx with password as a parameter
I'm trying to script generation of a single pfx certificate, from one key and one pem file. The following command in Powershell will generate a .pfx as expected:
CertUtil -MergePFX $srcPemPath $...
2
votes
1
answer
798
views
Paginate results of certutil -view
I'm using the following command to get a list of issued certificates in a Windows Server machine with Active Directory Certificate Services (ADCS) installed.
certutil -restrict 'Disposition=20' -out '...
1
vote
1
answer
1k
views
How to use certutil.exe -MergePFX without a password?
I'm automating a process and have that constraint that I can only use Windows Server (2012 is the base, but I'm not sure if a 2008 will show up somewhere) native tools. I need to get a key pair (...
3
votes
1
answer
12k
views
Import certificate to Trusted Root Authorities for the Current User, with command line
I know how to import certificates to trusted root authorities with certutil
certutil -addstore "Root" <cert_path>
But for this I need administrator permissions. Though when I double ...
3
votes
2
answers
3k
views
Pipe output from DIR into CERTUTIL
In Win10, looking for way to pipe the output from a DIR command at the Command Prompt or in a Batch File to serve as input to the CERTUTIL command. IOW, I want to get the MD5 hash for all of the files ...
0
votes
1
answer
2k
views
Windows validate checksum
I am trying to validate the checksum for a Windows Citrix executable.
The checksum that is provided is 64 char long.
I have found instructions to validate a checksum by running this in PowerShell:
...
0
votes
0
answers
680
views
Certutil intended purposes
On some systems where we're deploying our software, we're told that it is missing a certificate that necessary to verify our code is correctly signed.
I'd like to add this certificate in our (nsis) ...
0
votes
1
answer
1k
views
Disabling Certutil
I am wondering what are the consequences of disabling certutil.exe on windows systems.
It seems that this option isn't event considered in the documentation or forums.
Can someone please elaborate ...
3
votes
2
answers
6k
views
get the hash of a string and eventually compare it to a hash
I want to run a one-liner to enable me to get the hash of a string and eventually compare it to a hash I can just copy at the end of the command later. I'm confident I can figure out how to do the ...
2
votes
1
answer
843
views
CertUtil: ERROR_INVALID_ACL (0x80070538) exception when trying to install root certificate on Windows
I have a program that installs a certificate to Trusted Root (with user's consent). However, some of the users are unable to use my software due to an exception that occures whenever a command to add ...
0
votes
1
answer
2k
views
CertUtil | How CertUtil -verifykeys works internally?
I have a CA certificate in Local Machine Certificate Store.
When I run this command - enter code here
certutil -verifyKeys gives Key "KEYNAME" verifies as the public key for Certificate "KEYNAME" ...
0
votes
1
answer
205
views
Gpg4win download integrity check
I just downloaded gpg4win onto Windows 8.
I wanted to check the integrity, and apparently you can do so with certutil. So I navigated to my downloads folder and typed:
C:\Users\xxx\Downloads> ...
3
votes
1
answer
5k
views
Is it possible to encode a file with certutil without creating new file?
I'm encoding files with following command:
certutil -encode inputFileName encodedOutputFileName
However, this creates a new file on the system. Is it possible to print encoded data on command line ...
0
votes
1
answer
10k
views
User Certificate's show "Cannot find the certificate and private key for decryption." in Windows
Have a number of computers where user certificates suddenly stop working.
Running certutil -silent -user -store my shows that all user certificates for the affected user have stopped working.
my
...
2
votes
1
answer
3k
views
Availbility of certutil on different Windows versions
I am a bit confused about certutil.exe. I have read the information in the link Server 2012/Windows 8 certutil documentation:
Certutil.exe is a command-line program that is installed as part of ...
0
votes
1
answer
3k
views
Athena ID Protect v2 Token triggers Select Card dialog on PKCS#11 C_Login
I am playing around with an Athena IDProtect v2 Token from NXP (the one compatible with the IDProtect Laser product line) on Windows 10 Pro (x64 german).
After installing the Athena client middle ...
3
votes
2
answers
14k
views
How to install CertUtil to Windows 7?
It seems that my version of Windows 7 (SP1, with PowerShell 4) lacks the certutil command. I tried to look for a way to add it manually but failed.
Any ideas on how to do it?
UPDATE
Thanks to comments,...
2
votes
0
answers
6k
views
certmgr.exe does not work expectedly in command line mode?
I'm trying to run the MSDN's sample about WCF basic message security using Certificate. In the setup.bat file, there is this line of command:
certmgr.exe -add -r LocalMachine -s My -c -n %SERVER_NAME%...
3
votes
2
answers
14k
views
Import self-signed certificate with private key on Windows from command prompt
Using inetmgr, I made a pfx file containing the public and private keys for a certificate. Now I'm trying to install the pfx into another machine from the command prompt with
certutil -p <password&...
1
vote
1
answer
14k
views
How to use certutil -exportPFX to export certificates from "Certifiate Enrollment Requests" store?
I have Windows Server 2008. I am trying to write a script to export my certificate request private keys. I wanted to use the powershell cmdlet Export-PfxCertificate to export my certificate request's ...
0
votes
1
answer
3k
views
How to extract "Issued To" with "certutil -store -my"?
I am trying to script a report on certificate usage for a specific app, and those certs are all part of the output of "certutil -store -my" (Web Server 2008 R2).
However the "issued-to" field is not ...
2
votes
2
answers
3k
views
Removing one of two certificates with equal nicknames
I have two certificates installed:
kirrun@kirNote ~ [1197]% certutil -d sql:/home/kirrun/.pki/nssdb -L
Certificate Nickname Trust Attributes
...
0
votes
1
answer
313
views
Self-Signed certificate for LDAP on Sun Directory Server
I am wondering if some one could provide me with steps to self-signed certificate using certutil. I want the cert for Sun Directory Server 5.2 Patch 6.
6
votes
2
answers
16k
views
Install a PKCS#12 Certificate into firefox from the command line
I am trying to use certutil to add a client certificate to the firefox db:
The purpose of this certificate is to authenticate with a server - the server asks for credentials, this certificate contains ...
2
votes
3
answers
19k
views
Installing/deleting root certificate without CertMgr / CertUtil asking the end-user for confirmation
When you install or delete a root CA certificate using the commandline tools CertUtil.exe or CertMgr.exe, Windows asks the user for confirmation using a MessageBox (for certificates other than root CA ...