10

I have created a machine certificate. It appears in the Certificates (Local Computer)\Personal\Certificates certificate repository folder. Now I wish to extract its thumbprint using a command line utility.

Unfortunately, the closest thing that I could find is in this article.

I need to be able to perform this procedure on any Windows OS starting with XP.

Thanks.

mark
  • The script in the article does what you want. Put it in a vbs file and run it. – Amnon Dec 27 '10 at 19:05
  • Right, I did it. But it depends on CAPICOM.dll, which has to be registered. I was wondering if there is a utility using Crypt API directly, no dependencies. – mark Dec 28 '10 at 15:23

6 Answers

11

Old, but maybe this will help someone. Put the following in a PowerShell script (.ps1) and run it. It will print the thumb to the screen. Watch the word wrap in my paste.

$computerName = $Env:Computername
$domainName = $Env:UserDnsDomain
write-host "CN=$computername.$domainname"
$getThumb = Get-ChildItem -path cert:\LocalMachine\My | where { $_.Subject -match "CN\=$Computername\.$DomainName" }
$getThumb.thumbprint
Paul
7

Direct from command-line for a .cer file that isn't installed, and removes the embedded spaces (can probably be improved):

certutil.exe <mycert>.cer | findstr /c:"Cert Hash(sha1)" | for /f "tokens=3-22" %f in ('more') do @echo %f%g%h%i%j%k%l%m%n%o%p%q%r%s%t%u%v%w%x%y
kreinsch
3

Get thumbprint directly from file .cer

const certpath = "\\host\res\something.cer"
dim objStdOut
dim strLine, resString

set objStdOut = CreateObject("WScript.Shell").Exec("certutil " & certpath).StdOut

while not objStdOut.AtEndOfStream
    strLine = objStdOut.ReadLine
    if InStr(strLine, "(sha1)") > 0 then resString = trim(split(strLine, ":")(1))
wend
wscript.echo resString
Vadim
2

In my case I could not use PowerShell, so I wrote this script to run with cscript.exe that will get you the thumb using a Regular Expression.

If WScript.Arguments.Count() = 0 Then
    WScript.Echo "Domain name to search for must be specified as first parameter."
    WScript.Quit 1
End If
domain = WScript.Arguments.Item(0)

Set objShell = WScript.CreateObject ("WScript.shell")

' Get all certificate information in store.
Set objCert = objShell.Exec("certutil -store my")
certOutput = ""
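' Read until certutil closes its output. AtEndOfStream blocks while the process
' is still writing, so nothing is lost if certutil exits before the first read.
Do While Not objCert.StdOut.AtEndOfStream
   certOutput = certOutput & objCert.StdOut.ReadLine & vbNewLine
Loop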

' Capture thumb for specified certificate using Regex.
Set thumbRegex = New RegExp
thumbRegex.Pattern = "Subject:\s+CN=" & domain & "\s*\n.*\n.*\nCert\sHash\(sha1\):\s+(.*)"
thumbRegex.IgnoreCase = True
thumbRegex.Global = False

' Verify match and trim out white space.
Set match = thumbRegex.Execute(certOutput)
result = ""
If match.Count > 0 Then
    result = match.Item(0).Submatches(0)
    result = Replace(result, " ", "")
    WScript.Echo result
Else
    WScript.Echo "The certificate for """ & domain & """ was not found."
    WScript.Quit 2
End If
1

powershell Get-Childitem Cert:\LocalMachine\My

Fabrizio
-1

Here is a simple python script to do this:

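import subprocess

def getThumbPrint(cert, passwd):
    """Return the SHA-1 thumbprint that certutil reports for a certificate file."""
    val = ""
    # universal_newlines=True decodes the output to text and normalises CRLF line endings.
    info = subprocess.Popen(["certutil", "-p", passwd, cert], shell=False,
                            stdout=subprocess.PIPE, universal_newlines=True)
    for i in info.communicate()[0].split('\n'):
        if i.startswith("Cert Hash(sha1):"):
            val = i.split(':')[1].strip()

    # There may be more than 1, we want the last one.
    return val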
B. Leslie
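
An added example, not taken from any of the answers above: the VBScript and Python answers pull the hash out of certutil's text output, and this Python parser pairs each Subject line with the Cert Hash(sha1) line that follows it (however many lines sit in between), matches the CN exactly rather than as a regex, and strips the embedded spaces. The sample output, host names and function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the Subject / Cert Hash(sha1) lines the
# answers above match in `certutil -store my` output; not from a real machine.
SAMPLE = """\
================ Certificate 0 ================
Issuer: CN=Example Issuing CA
Subject: CN=web01.example.test
Non-root Certificate
Template: Machine
Cert Hash(sha1): 0a 1b 2c 3d 4e 5f 60 71 82 93 a4 b5 c6 d7 e8 f9 0a 1b 2c 3d
================ Certificate 1 ================
Issuer: CN=Example Issuing CA
Subject: CN=web01-example.test, O=Other
Cert Hash(sha1): ffeeddccbbaa99887766554433221100ffeeddcc
"""

SUBJECT_RE = re.compile(r"^Subject:\s*(.*)$", re.IGNORECASE)
HASH_RE = re.compile(r"^Cert Hash\(sha1\):\s*(.+)$", re.IGNORECASE)

def parse_store(text):
    """Return (subject, thumbprint) pairs, one per certificate in the output."""
    pairs, subject = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUBJECT_RE.match(line)
        if m:
            subject = m.group(1)
            continue
        m = HASH_RE.match(line)
        if m and subject is not None:
            thumb = re.sub(r"\s+", "", m.group(1)).upper()
            if not re.fullmatch(r"[0-9A-F]{40}", thumb):  # SHA-1 is 20 bytes
                raise ValueError("unexpected thumbprint: %r" % m.group(1))
            pairs.append((subject, thumb))
            subject = None
    return pairs

def thumbprints_for_cn(text, cn):
    """Thumbprints of every certificate whose subject CN equals cn exactly."""
    # Simplification: splits the subject on commas, so escaped commas in a DN are not handled.
    wanted = "cn=" + cn.lower()
    return [thumb for subject, thumb in parse_store(text)
            if wanted in [p.strip().lower() for p in subject.split(",")]]

if __name__ == "__main__":
    print(thumbprints_for_cn(SAMPLE, "web01.example.test"))
```

Returning a list makes the caller decide what to do when the store holds zero or several certificates for the same name, instead of silently taking the first or last match.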