A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Security and Administration with Windows XP
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

list of certificates from cmd



 
 
Thread Tools Display Modes
  #1  
Old July 29th 10, 09:53 AM posted to microsoft.public.windowsxp.security_admin
Andreas Moroder[_2_]
external usenet poster
 
Posts: 6
Default list of certificates from cmd

Hello,

is it possible to get from the commandline a list of the certificates
that are installed for the user that is logged in ?

Thanks
Andreas
Ads
  #2  
Old July 29th 10, 03:45 PM posted to microsoft.public.windowsxp.security_admin
MowGreen
external usenet poster
 
Posts: 534
Default list of certificates from cmd

Andreas Moroder wrote:
Hello,

is it possible to get from the commandline a list of the certificates
that are installed for the user that is logged in ?

Thanks
Andreas



For the logged in User you can open Internet Options Content
Certificates

Here's all the command for certutil -

certutil /?

Verbs:
-dump -- Dump configuration information or files
-asn -- Parse ASN.1 file

-decodehex -- Decode hexadecimal-encoded file
-decode -- Decode Base64-encoded file
-encode -- Encode file to Base64

-deny -- Deny pending request
-resubmit -- Resubmit pending request
-setattributes -- Set attributes for pending request
-setextension -- Set extension for pending request
-revoke -- Revoke Certificate
-isvalid -- Display current certificate disposition

-getconfig -- Get default configuration string
-ping -- Ping Active Directory Certificate Services
Request interf
ace
-pingadmin -- Ping Active Directory Certificate Services Admin
interfac
e
-CAInfo -- Display CA Information
-ca.cert -- Retrieve the CA's certificate
-ca.chain -- Retrieve the CA's certificate chain
-GetCRL -- Get CRL
-CRL -- Publish new CRLs [or delta CRLs only]
-shutdown -- Shutdown Active Directory Certificate Services

-installCert -- Install Certification Authority certificate
-renewCert -- Renew Certification Authority certificate

-schema -- Dump Certificate Schema
-view -- Dump Certificate View
-db -- Dump Raw Database
-deleterow -- Delete server database row

-backup -- Backup Active Directory Certificate Services
-backupDB -- Backup Active Directory Certificate Services
database
-backupKey -- Backup Active Directory Certificate Services
certificate
and private key
-restore -- Restore Active Directory Certificate Services
-restoreDB -- Restore Active Directory Certificate Services
database
-restoreKey -- Restore Active Directory Certificate Services
certificate
and private key
-importPFX -- Import certificate and private key
-dynamicfilelist -- Display dynamic file List
-databaselocations -- Display database locations
-hashfile -- Generate and display cryptographic hash over a file

-store -- Dump certificate store
-addstore -- Add certificate to store
-delstore -- Delete certificate from store
-verifystore -- Verify certificate in store
-repairstore -- Repair key association or update certificate
properties o
r key security descriptor
-viewstore -- Dump certificate store
-viewdelstore -- Delete certificate from store

-dsPublish -- Publish certificate or CRL to Active Directory

-ADTemplate -- Display AD templates
-Template -- Display Enrollment Policy templates
-TemplateCAs -- Display CAs for template
-CATemplates -- Display templates for CA
-enrollmentServerURL -- Display, add or delete enrollment server URLs
associat
ed with a CA
-ADCA -- Display AD CAs
-CA -- Display Enrollment Policy CAs
-Policy -- Display Enrollment Policy
-PolicyCache -- Display or delete Enrollment Policy Cache entries
-CredStore -- Display, add or delete Credential Store entries
-InstallDefaultTemplates -- Install default certificate templates
-URLCache -- Display or delete URL cache entries
-pulse -- Pulse autoenrollment events
-MachineInfo -- Display Active Directory machine object information
-DCInfo -- Display domain controller information
-EntInfo -- Display enterprise information
-TCAInfo -- Display CA information
-SCInfo -- Display smart card information

-SCRoots -- Manage smart card root certificates

-verifykeys -- Verify public/private key set
-verify -- Verify certificate, CRL or chain
-sign -- Re-sign CRL or certificate

-vroot -- Create/delete web virtual roots and file shares
-vocsproot -- Create/delete web virtual roots for OCSP web proxy
-addEnrollmentServer -- Add an Enrollment Server application
-deleteEnrollmentServer -- Delete an Enrollment Server application
-oid -- Display ObjectId or set display name
-error -- Display error code message text
-getreg -- Display registry value
-setreg -- Set registry value
-delreg -- Delete registry value

-ImportKMS -- Import user keys and certificates into server
database fo
r key archival
-ImportCert -- Import a certificate file into the database
-GetKey -- Retrieve archived private key recovery blob
-RecoverKey -- Recover archived private key
-MergePFX -- Merge PFX files
-ConvertEPF -- Convert PFX files to EPF file
-? -- Display this usage message


CertUtil -? -- Display a verb list (command list)
CertUtil -dump -? -- Display help text for the "dump" verb
CertUtil -v -? -- Display all help text for all verbs

CertUtil: -? command completed successfully.


MowGreen
================
*-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked
  #3  
Old July 29th 10, 08:48 PM posted to microsoft.public.windowsxp.security_admin
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default list of certificates from cmd

MowGreen wrote:

Andreas Moroder wrote:

is it possible to get from the commandline a list of the certificates
that are installed for the user that is logged in ?


Here's all the command for certutil -

certutil /?

snipped the command syntax listing

CertUtil: -? command completed successfully.

snipped the non-signature signature

certutil is part of Certificate Services which is available with a
*server* version of Windows, not a workstation version, like XP (the
topic of this newsgroup). I didn't see it available as one of the free
utils from the W2K ResKit at ftp://ftp.microsoft.com/ResKit/win2000/ but
maybe it is available in the full ResKit (which you pay for).

If the OP has a server version of Windows available (and that's where
they actually want to get a list of their certs), or they have a Reskit
(if it includes this utility), or the executable can be copied from a
server version of Windows to the XP version and still work there
(without the cert server running on their XP host) then it might work
for the OP. One possiblity would be to run certutil on Windows Server
but specify that it interrogate a different host than on which it
executes (but I didn't see a "hostname" parameter to specify a non-local
host).

http://technet.microsoft.com/en-us/l...80(WS.10).aspx
http://technet.microsoft.com/en-us/l...43(WS.10).aspx
http://technet.microsoft.com/en-us/l...98(WS.10).aspx
  #4  
Old July 30th 10, 10:46 AM posted to microsoft.public.windowsxp.security_admin
Andreas Moroder[_2_]
external usenet poster
 
Posts: 6
Default list of certificates from cmd

For the logged in User you can open Internet Options Content
Certificates

Here's all the command for certutil -

certutil /?

Verbs:
-dump -- Dump configuration information or files
-asn -- Parse ASN.1 file

....
-CredStore -- Display, add or delete Credential Store entries

.....

Hello,

the version I have on my XP machine does not know the parameter -credstore
The version on our Win2008 and Win2008R2 know this parameter but don't
run on my XP because they are X64.

Bye
Andreas




  #5  
Old July 30th 10, 05:10 PM posted to microsoft.public.windowsxp.security_admin
MowGreen
external usenet poster
 
Posts: 534
Default list of certificates from cmd

Andreas Moroder wrote:
For the logged in User you can open Internet Options Content
Certificates

Here's all the command for certutil -

certutil /?

Verbs:
-dump -- Dump configuration information or files
-asn -- Parse ASN.1 file

...
-CredStore -- Display, add or delete Credential Store entries

....

Hello,

the version I have on my XP machine does not know the parameter -credstore
The version on our Win2008 and Win2008R2 know this parameter but don't
run on my XP because they are X64.

Bye
Andreas





Andreas,

From: http://support.microsoft.com/kb/934576

" The only version of Certutil.exe that Windows XP supports is available
in the Microsoft Windows Server 2003 Administration Pack. To download
the Windows Server 2003 Administration Pack, visit the following
Microsoft Web site:
http://www.microsoft.com/downloads/d...displaylang=en



If you have update 907247 installed on Windows XP SP2, the version of
Certutil.exe that supports the -pulse command is available in the SP1
version of the Windows Server 2003 Administration Pack. To download it,
visit the following Microsoft Web site:
http://www.microsoft.com/downloads/d...DisplayLang=en
"



MowGreen
================
*-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked
  #6  
Old August 2nd 10, 06:38 AM posted to microsoft.public.windowsxp.security_admin
Andreas Moroder[_2_]
external usenet poster
 
Posts: 6
Default list of certificates from cmd

Andreas,

From: http://support.microsoft.com/kb/934576

" The only version of Certutil.exe that Windows XP supports is available
in the Microsoft Windows Server 2003 Administration Pack. To download
the Windows Server 2003 Administration Pack, visit the following
Microsoft Web site:
http://www.microsoft.com/downloads/d...displaylang=en



If you have update 907247 installed on Windows XP SP2, the version of
Certutil.exe that supports the -pulse command is available in the SP1
version of the Windows Server 2003 Administration Pack. To download it,
visit the following Microsoft Web site:
http://www.microsoft.com/downloads/d...DisplayLang=en
"



MowGreen


Thank you very much.

this wuld be a big work for a simple thing.

Whit what parameters do I have to run certutil to get a list of this two
stores ?
"Trusted Root" and "Trusted Publisher"

Bye
Andreas



  #7  
Old August 2nd 10, 04:53 PM posted to microsoft.public.windowsxp.security_admin
MowGreen
external usenet poster
 
Posts: 534
Default list of certificates from cmd

Andreas Moroder wrote:
Thank you very much.

this wuld be a big work for a simple thing.

Whit what parameters do I have to run certutil to get a list of this two
stores ?
"Trusted Root" and "Trusted Publisher"

Bye
Andreas





For the logged in User you can open Control Panel Internet Options
Content Certificates


MowGreen
================
*-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked
  #8  
Old August 5th 10, 06:14 AM posted to microsoft.public.windowsxp.security_admin
Andreas Moroder[_2_]
external usenet poster
 
Posts: 6
Default list of certificates from cmd

For the logged in User you can open Control Panel Internet Options
Content Certificates


MowGreen

Hello,

I knew this. The problem is, that my windows is german and instructions
to install certificates for a certain program are in english. The names
of the stores are translated in the gui, certutil uses the orginal names.

Bye
Andreas
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 06:34 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.