Certutil


Applies To: Windows Server 2008

Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, back up and restore CA components, and verify certificates, key pairs, and certificate chains.

For examples of how to use this command, see Examples.

Syntax



Certutil <-parameter> [-parameter]

Parameters

Parameter                 Description

-dump                     Dump configuration information or files
-asn                      Parse ASN.1 file
-decodehex                Decode hexadecimal-encoded file
-decode                   Decode a Base64-encoded file
-encode                   Encode a file to Base64
-deny                     Deny a pending certificate request
-resubmit                 Resubmit a pending certificate request
-setattributes            Set attributes for a pending certificate request
-setextension             Set an extension for a pending certificate request
-revoke                   Revoke a certificate
-isvalid                  Display the disposition of the current certificate
-getconfig                Get the default configuration string
-ping                     Attempt to contact the Active Directory Certificate Services Request interface
-pingadmin                Attempt to contact the Active Directory Certificate Services Admin interface
-CAInfo                   Display information about the certification authority
-ca.cert                  Retrieve the certificate for the certification authority
-ca.chain                 Retrieve the certificate chain for the certification authority
-GetCRL                   Get a certificate revocation list (CRL)
-CRL                      Publish new certificate revocation lists (CRLs) [or only delta CRLs]
-shutdown                 Shut down Active Directory Certificate Services
-installCert              Install a certification authority certificate
-renewCert                Renew a certification authority certificate
-schema                   Dump the schema for the certificate
-view                     Dump the certificate view
-db                       Dump the raw database
-deleterow                Delete a row from the server database
-backup                   Back up Active Directory Certificate Services
-backupDB                 Back up the Active Directory Certificate Services database
-backupKey                Back up the Active Directory Certificate Services certificate and private key
-restore                  Restore Active Directory Certificate Services
-restoreDB                Restore the Active Directory Certificate Services database
-restoreKey               Restore the Active Directory Certificate Services certificate and private key
-dynamicfilelist          Display a dynamic file list
-databaselocation         Display database locations
-hashfile                 Generate and display a cryptographic hash over a file
-store                    Dump the certificate store
-addstore                 Add a certificate to the store
-delstore                 Delete a certificate from the store
-verifystore              Verify a certificate in the store
-repairstore              Repair a key association or update certificate properties or the key security descriptor
-viewstore                Dump the certificate store
-viewdelstore             Delete a certificate from the store
-dsPublish                Publish a certificate or certificate revocation list (CRL) to Active Directory
-Template                 Display certificate templates
-TemplateCAs              Display the certification authorities (CAs) for a certificate template
-CATemplates              Display the certificate templates for a certification authority (CA)
-InstallDefaultTemplates  Install default certificate templates
-URLCache                 Display or delete URL cache entries
-pulse                    Pulse autoenrollment events
-MachineInfo              Display information about the Active Directory machine object
-DCInfo                   Display information about the domain controller
-EntInfo                  Display information about an enterprise CA
-TCAInfo                  Display information about the CA
-SCInfo                   Display information about the smart card
-SCRoots                  Manage smart card root certificates
-verifykeys               Verify a public or private key set
-verify                   Verify a certificate, certificate revocation list (CRL), or certificate chain
-sign                     Re-sign a certificate revocation list (CRL) or certificate
-vroot                    Create or delete web virtual roots and file shares
-vocsproot                Create or delete web virtual roots for an OCSP web proxy
-oid                      Display the object identifier or set a display name
-error                    Display the message text associated with an error code
-getreg                   Display a registry value
-setreg                   Set a registry value
-delreg                   Delete a registry value
-ImportKMS                Import user keys and certificates into the server database for key archival
-ImportCert               Import a certificate file into the database
-GetKey                   Retrieve an archived private key recovery blob
-RecoverKey               Recover an archived private key
-MergePFX                 Merge PFX files
-ConvertEPF               Convert a PFX file into an EPF file