Stack Overflow
Stack Overflow

Questions tagged [certutil]

Windows command for managing Certificate Services.

Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains. When certutil is run on a certification authority without additional parameters, it displays the current certification authority configuration. When cerutil is run on a non-certification authority, the command defaults to running the certutil -dump verb.

Useful links:

  1. CERTUTIL on technet.
  2. CERTUTIL on SS64 help pages.
99 questions
39
votes
7 answers

Import pfx file into particular certificate store from command line

It's relatively easy to import a certificate into the user's personal store from a pfx file by using CertUtil: certutil –f –p [certificate_password] –importpfx C:\[certificate_path_and_name].pfx But this ends up in the Personal Store of the…
Bob Tway
  • 9,301
  • 17
  • 80
  • 162
35
votes
5 answers

Import Certificate to Trusted Root but not to Personal [Command Line]

I am trying to import two certificates to my local machine using the command line. I have one certificate to add to the Personal Store of the local machine, and another one to add to the Trusted Root Certification Authorities. Here is the command to…
TiagoM
  • 3,458
  • 4
  • 42
  • 83
12
votes
7 answers

Saving result of CertUtil -hashfile to a variable and remove spaces of the hash

I want to save a result of CertUtil -hashfile "path_to_file" MD5 to a variable and remove spaces of the hash in command line command (to be more particular, I wan to use this in Command Line of post-processing in VS 2015 C++). Currently the result…
Dom
  • 532
  • 1
  • 9
  • 23
12
votes
4 answers

certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format

I had downloaded a verified (not self-signed) S/MIME certificate with iceweasel (firefox) which was stored in cert8.db Then I used: certutil -L -d in order to list the certificates, and then I extracted the…
stelios
  • 2,679
  • 5
  • 31
  • 41
9
votes
1 answer

Let's encrypt certificate, Python and Windows

I changed my Webserver from HTTP to HTTPS with "Let"s Encrypt". The Webserver contains an API, and I have an Python application, which uses the API. Under Linux is all fine, but under Windows I receive this below, when I'm logging in. [SSL:…
clausismus
  • 165
  • 1
  • 9
7
votes
2 answers

How do you convert a .CSR / p10 / PKCS#10 file to .DER format in java?

How do you convert a .CSR (a.k.a. p10 or PKCS#10) file to .DER format in java? Here is a sample one: -----BEGIN CERTIFICATE…
atom88
  • 1,449
  • 3
  • 22
  • 32
6
votes
2 answers

Get string from X509 Cert pfx file

I want to get the x509 certificate as a string (certString) so that I can use it like var cert = new X509Certificate2(Convert.FromBase64String(certString)); to generate a CertObject in Code. I have tried around with certUtil but I dont know…
EngelbertCoder
  • 777
  • 2
  • 9
  • 29
6
votes
1 answer

How to import a pfx using certutil without prompt?

I want to import a pfx using cmd. I am using certutils for that. But I am getting a prompt asking to trust the certificate. I want to automatize import so I want to skip the warning prompt. How can I accomplish that? I am using command certutil -f…
Amol Manthalkar
  • 1,890
  • 2
  • 16
  • 16
5
votes
0 answers

Programatically install a certificate to Mozilla Firefox without certutil.exe

How to programatically install a certificate to Mozilla Firefox without certutil.exe? I don't want to use NSS library for Firefox. What are the alternatives of certutil? Any suggestions?
Monica
  • 61
  • 2
4
votes
2 answers

Microsoft OCSP Check (OCSP vs Lightweight OCSP) & confusing Responses by "certutil -url"

#Regular OCSP (RFC 6960) I have written an OCSP Responder where the Response based itself on the RFC 6960 which states that : If nextUpdate is not set, the responder is indicating that newer revocation information is available all the time. So I…
Exception_al
  • 1,049
  • 1
  • 11
  • 21
4
votes
2 answers

Automate export x509 certificate w/chain from Server 2008 R2 to a p7b file WITHOUT external tools?

I manage the Domain Controllers centrally, but the site admins manage their own digital senders locally. I can easily export an X509 certificate (private key not needed) with the whole chain from a Windows Server 2008 R2 Domain Controller to a p7b…
JCSunday
  • 41
  • 2
  • 4
4
votes
1 answer

Dart HTTP Server and importing a SSL Certificate

I have create a Dart HTTP(s) server for deploying files. I can have it run the https with a self signed cert. But how do you import a .crt properly from someone for example GoDaddy properly?
ptDave
  • 392
  • 1
  • 2
  • 11
3
votes
0 answers

'CertUtil' is not recognized as the name of a cmdlet

I am trying to verify the validity of a package I downloaded (kubectl) using this command: $($(CertUtil -hashfile .\kubectl.exe SHA256)[1] -replace " ", "") -eq $(type .\kubectl.exe.sha256) as specified in their website but I get this error: …
KZiovas
  • 3,491
  • 3
  • 26
  • 47
3
votes
0 answers

certutil.exe is returning localized output

We have an PowerShell automation script that uses certutil.exe to list CA, issued certificates, etc... on a given Windows Server. We wrapped some functions around a system Invoke of certutil.exe and we are grepping its output to look for some given…
hzrari
  • 1,803
  • 1
  • 15
  • 26
3
votes
2 answers

SEC_ERROR_ADDING_CERT: Error adding certificate to database

While trying to configure a valid SSL certificate for localhost on Ubuntu, I got the following error: certutil -d sql:$HOME/.pki/nssdb -A -t "CT,c,c" -n "localhost" -i localhost.crt certutil: could not add certificate to token or…
Bruno Leveque
  • 2,647
  • 2
  • 23
  • 33
1
2 3 4 5 6 7