Certutil -store refined results

  • General discussion

  • Hi,

    To display the certificates I am interested in, I am running Certutil -store MY, which gives me lots of information on the 20 certs I have.

    What I need to do now is refine this search using the command line to only display non-archived certs from a particular authority.

    I have tried Certutil -store MY | findstr "CN=Authority1" ... but that only displays the line in the cert and not the rest of the details of that cert. So say of the 20 I have, 5 are by that authority: I get 5 lines telling me it's found that string present - however, I don't get the rest of the certificate details associated when you do the usual command.

    Is there a way to refine the search yet display all the details from the retrieved results (without using VB or such)?

    If there is - further to this, is there a way of only displaying result certificates that are not archived? So back to my example: of the 5 returned strings, 2 of these are Archived! when you look at the details.

    Ultimately what I hope to find is the 3 active certificates and all their details issued by "Authority1" ... or have Template "AllowedLaptop" etc.

    Any help appreciated

    Tuesday, April 24, 2012 2:50 PM

All replies

  • Depending on the OS that you are running certutil on, there are some filtering capabilities.

    On Windows 7, you can type: certutil -store My XXXX

    Where XXXX can be:

                a serial number,
                a SHA-1 certificate, CRL, CTL or public key hash,
                a numeric cert index (0, 1, etc.),
                a numeric CRL index (.0, .1, etc.),
                a numeric CTL index (..0, ..1, etc.),
                a public key, signature or extension ObjectId,
                a certificate subject Common Name,
                an e-mail address, UPN or DNS name,
                a key container name or CSP name,
                a template name or ObjectId,
                an EKU or Application Policies ObjectId,
                or a CRL issuer Common Name.

    Unfortunately, there is no filter for issuer or archived. PowerShell may be an alternative that meets your needs.

    Example:

    dir cert:\LocalMachine\My | where-object {$_.Archived -eq $false -and $_.Issuer -eq "CN=www.contoso.com"}

    Returns certs in the machine My store that are not archived and whose issuer is contoso. You will need to write a bit more PowerShell to get the cert template extension.

    Andrew

    Wednesday, April 25, 2012 4:38 PM
  • #Get local certificate store
    $my=dir cert:\LocalMachine\My

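    #Get active certificates using the "Unusual authentication" template
    #1.3.6.1.4.1.311.21.7 is the Certificate Template Information extension; the extra
    #-and check skips certs that lack it, so format() is never called on $null
    $activecert=$my | where-object {($_.Archived -eq $false) -and ($_.extensions.item("1.3.6.1.4.1.311.21.7")) -and (($_.extensions.item("1.3.6.1.4.1.311.21.7").format(0)) -match "Unusual authentication")  } | select serialnumber,@{n="Template";e={$_.extensions.item("1.3.6.1.4.1.311.21.7").format(0)}}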
    Wednesday, October 7, 2015 12:20 PM
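
The filters discussed in this thread (not archived, issuer, template) combined into one function, as an added example that is not part of any reply above. The function names `Get-TemplateText` and `Find-ActiveCert` are hypothetical, and "CN=Authority1" and "AllowedLaptop" are the sample values from the question; the issuer is matched as a substring because the Issuer property holds the full distinguished name.

```powershell
# Added example; helper names are hypothetical, not from the thread.
# Template information is carried in one of two Microsoft extensions:
#   1.3.6.1.4.1.311.21.7  Certificate Template Information (version 2+ templates)
#   1.3.6.1.4.1.311.20.2  Certificate Template Name (version 1 templates)
$TemplateOids = '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2'

function Get-TemplateText {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($oid in $TemplateOids) {
        $ext = $Cert.Extensions.Item($oid)   # $null when the extension is absent
        if ($ext) { return $ext.Format($false) }
    }
    return $null                             # certificate carries no template info
}

function Find-ActiveCert {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [string]$Issuer,    # substring of the issuer DN, e.g. 'CN=Authority1'
        [string]$Template   # substring of the template text, e.g. 'AllowedLaptop'
    )
    # Escape wildcard characters so the inputs are matched literally by -like
    $issuerPat   = '*' + [System.Management.Automation.WildcardPattern]::Escape($Issuer) + '*'
    $templatePat = '*' + [System.Management.Automation.WildcardPattern]::Escape($Template) + '*'

    Get-ChildItem -Path $StorePath |
        Where-Object { -not $_.Archived } |
        Where-Object { -not $Issuer -or $_.Issuer -like $issuerPat } |
        Where-Object {
            if (-not $Template) { return $true }
            $tpl = Get-TemplateText -Cert $_
            $tpl -and ($tpl -like $templatePat)
        } |
        Select-Object Subject, Issuer, SerialNumber, Thumbprint, NotBefore, NotAfter,
            HasPrivateKey, Archived,
            @{ n = 'Template'; e = { Get-TemplateText -Cert $_ } }
}

# Active certificates issued by Authority1, one detail block per certificate
Find-ActiveCert -Issuer 'CN=Authority1' | Format-List

# Active certificates enrolled from the AllowedLaptop template
Find-ActiveCert -Template 'AllowedLaptop' | Format-List
```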