Certutil
certificate tool
notes
#view AD store
certutil -viewstore "ldap:///CN=NTAuthCertificates,CN=Public Key Services,CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com"
certutil -store -enterprise NTAuth
certutil -store -enterprise ntauth "5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1"

#delete from ntauth store
certutil -delstore -enterprise ntauth "5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1"

#get all certs after september with information about the private key
certutil -view -restrict "NotBefore>=9/9/2015" -out "request.submittedwhen,Request.RequesterName,request.rawarchivedkey"

#get all certificates about to expire (PowerShell)
$today=Get-Date
$endperiod=$today.AddDays(31)
certutil -view -restrict "NotAfter>=$today,NotAfter<=$endperiod" -out "RequestID,RequesterName,RequestType,Email,NotAfter,CommonName,CertificateTemplate,EnrollmentFlags"

#get all certificates
certutil -view -out CertificateTemplate -restrict "NotBefore > 08/20/2009" csv > out.txt

#get certificates by templatename
certutil -view -restrict "certificate template=1.3.6.1.4.1.311.21.8.2819805.2707949.10374545.1112108.15908497.246.7506132.8196480" -out "request.submittedwhen,Request.RequesterName,Request.CallerName,UPN,CommonName,NotAfter,Request.Disposition" > c:\Template1-Requests.txt
# or for default templates use the name instead of the OID like so
certutil -view -restrict "certificate template=user" -out "request.submittedwhen,Request.RequesterName,Request.CallerName,UPN,CommonName,NotAfter,Request.Disposition"

#get certificates by requestor
certutil -view -restrict "RequesterName=CONTOSO\user1" -out "SerialNumber,StatusCode"

#disposition is the status -> http://blogs.technet.com/b/pki/archive/2008/10/03/disposition-values-for-certutil-view-restrict-and-some-creative-samples.aspx
certutil -view -restrict "RequestId=$,Disposition=20" -out RawCertificate
all columns: https://technet.microsoft.com/nl-be/library/cc783853%28v=ws.10%29.aspx
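
An added example (not part of the original notes) for the NTAuth store commands above: PowerShell that pulls the `Cert Hash(sha1)` values out of `certutil -store -enterprise NTAuth` output and compares them with an approved list. The function names, the approved list and the sample output are constructed for illustration, and English-language certutil output is assumed.

```powershell
# Added example: audit the NTAuth store against a list of approved thumbprints.
# Function names, $approved and $sample are hypothetical / constructed.

function Get-CertutilThumbprint {
    param([string[]]$CertutilOutput)
    foreach ($line in $CertutilOutput) {
        # certutil prints "Cert Hash(sha1): <hex>", with or without spaces between bytes
        if ($line -match '^\s*Cert Hash\(sha1\):\s*([0-9a-fA-F ]+?)\s*$') {
            ($Matches[1] -replace '\s', '').ToLowerInvariant()
        }
    }
}

function Compare-NTAuthStore {
    param([string[]]$CertutilOutput, [string[]]$Approved)
    # Normalise both sides to lowercase hex without spaces before comparing
    $approvedSet = @($Approved | ForEach-Object { ($_ -replace '\s', '').ToLowerInvariant() })
    $found       = @(Get-CertutilThumbprint -CertutilOutput $CertutilOutput)
    [pscustomobject]@{
        Found      = $found
        Unexpected = @($found       | Where-Object { $_ -notin $approvedSet })
        Missing    = @($approvedSet | Where-Object { $_ -notin $found })
    }
}

# Constructed sample of store output; the first hash is the one used in the
# notes above, the second is a made-up value standing in for an unknown CA.
$sample = @(
    '================ Certificate 0 ================'
    'Issuer: CN=Contoso Root CA (constructed)'
    'Cert Hash(sha1): 5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1'
    '================ Certificate 1 ================'
    'Issuer: CN=Unknown CA (constructed)'
    'Cert Hash(sha1): 00112233445566778899aabbccddeeff00112233'
)

# Approved list as an administrator would maintain it (constructed)
$approved = @('5a ce 02 ad 7b 9c a9 1e 11 f8 c8 b9 92 5e ae 3d 23 ec 23 c1')

$result = Compare-NTAuthStore -CertutilOutput $sample -Approved $approved
$result.Unexpected | ForEach-Object { Write-Warning "Not on approved list: $_" }
$result.Missing    | ForEach-Object { Write-Warning "Approved but not in store: $_" }

# Against a live directory, replace $sample with the real output:
#   $live = certutil -store -enterprise NTAuth
#   Compare-NTAuthStore -CertutilOutput $live -Approved $approved
```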
sources: