On this page you will find all important commands for the CLI tool certutil.

certutil

Certutil is a command-line tool in Windows operating systems that is used to manage certificates and cryptographic services. It is primarily used by administrators and IT professionals to perform various operations related to certificates, such as installing, exporting, verifying, and managing digital certificates and Certificate Revocation Lists (CRLs).

Certutil provides a wide range of functionalities, including:

  1. Certificate management: Certutil allows you to install, remove, and manage certificates in the Windows certificate store. It supports various certificate formats, such as Personal Information Exchange (PFX), PKCS #7, and Certificate Trust List (CTL) files.

  2. Certificate enrollment: It enables certificate enrollment by connecting to a certification authority (CA) and requesting certificates through the command line. This is useful when automating certificate enrollment processes.

  3. Certificate revocation: Certutil can manage Certificate Revocation Lists (CRLs), which contain information about revoked certificates. It allows you to create, verify, and publish CRLs.

  4. Certificate operations: You can perform operations like importing and exporting certificates, generating key pairs, and calculating certificate hashes using certutil.

  5. Cryptographic operations: Certutil supports cryptographic operations like encryption, decryption, signing, and verification of files using certificates and cryptographic algorithms.

Certutil is a powerful and versatile tool that provides advanced certificate and cryptography management capabilities. It is commonly used in various scenarios, including certificate administration, security audits, troubleshooting, and automation of certificate-related tasks.

List of commands for certutil:

  • Add subject alternative names to a given certificate.
    $ certutil -S -f ${path-to-password_file-txt} -d . -t ",," -c "${server_certificate}" -n "${server_name}" -g ${2048} -s "CN=${common_name},O=${organization}"
  • List all certificates in a database.
    $ certutil -L -d .
  • Create a new certificate database.
    $ certutil -N -d .
  • Import the signed certificate into the requester's database.
    $ certutil -A -n "${server_certificate}" -t ",," -i ${filename-crt} -d .
  • List all private keys in a database.
    $ certutil -K -d . -f ${path-to-password_file-txt}