list of certificates from cmd
in [Security]
|
From: Andreas Moroder on 29 Jul 2010 04:53 Hello, is it possible to get from the commandline a list of the certificates that are installed for the user that is logged in ? Thanks Andreas
From: MowGreen on 29 Jul 2010 10:45 Andreas Moroder wrote: > Hello, > > is it possible to get from the commandline a list of the certificates > that are installed for the user that is logged in ? > > Thanks > Andreas For the logged in User you can open Internet Options > Content > Certificates Here's all the command for certutil - certutil /? Verbs: -dump -- Dump configuration information or files -asn -- Parse ASN.1 file -decodehex -- Decode hexadecimal-encoded file -decode -- Decode Base64-encoded file -encode -- Encode file to Base64 -deny -- Deny pending request -resubmit -- Resubmit pending request -setattributes -- Set attributes for pending request -setextension -- Set extension for pending request -revoke -- Revoke Certificate -isvalid -- Display current certificate disposition -getconfig -- Get default configuration string -ping -- Ping Active Directory Certificate Services Request interf ace -pingadmin -- Ping Active Directory Certificate Services Admin interfac e -CAInfo -- Display CA Information -ca.cert -- Retrieve the CA's certificate -ca.chain -- Retrieve the CA's certificate chain -GetCRL -- Get CRL -CRL -- Publish new CRLs [or delta CRLs only] -shutdown -- Shutdown Active Directory Certificate Services -installCert -- Install Certification Authority certificate -renewCert -- Renew Certification Authority certificate -schema -- Dump Certificate Schema -view -- Dump Certificate View -db -- Dump Raw Database -deleterow -- Delete server database row -backup -- Backup Active Directory Certificate Services -backupDB -- Backup Active Directory Certificate Services database -backupKey -- Backup Active Directory Certificate Services certificate and private key -restore -- Restore Active Directory Certificate Services -restoreDB -- Restore Active Directory Certificate Services database -restoreKey -- Restore Active Directory Certificate Services certificate and private key -importPFX -- Import certificate and private key -dynamicfilelist -- Display dynamic file List -databaselocations -- Display database locations -hashfile -- Generate and display cryptographic hash over a file -store -- Dump certificate store -addstore -- Add certificate to store -delstore -- Delete certificate from store -verifystore -- Verify certificate in store -repairstore -- Repair key association or update certificate properties o r key security descriptor -viewstore -- Dump certificate store -viewdelstore -- Delete certificate from store -dsPublish -- Publish certificate or CRL to Active Directory -ADTemplate -- Display AD templates -Template -- Display Enrollment Policy templates -TemplateCAs -- Display CAs for template -CATemplates -- Display templates for CA -enrollmentServerURL -- Display, add or delete enrollment server URLs associat ed with a CA -ADCA -- Display AD CAs -CA -- Display Enrollment Policy CAs -Policy -- Display Enrollment Policy -PolicyCache -- Display or delete Enrollment Policy Cache entries -CredStore -- Display, add or delete Credential Store entries -InstallDefaultTemplates -- Install default certificate templates -URLCache -- Display or delete URL cache entries -pulse -- Pulse autoenrollment events -MachineInfo -- Display Active Directory machine object information -DCInfo -- Display domain controller information -EntInfo -- Display enterprise information -TCAInfo -- Display CA information -SCInfo -- Display smart card information -SCRoots -- Manage smart card root certificates -verifykeys -- Verify public/private key set -verify -- Verify certificate, CRL or chain -sign -- Re-sign CRL or certificate -vroot -- Create/delete web virtual roots and file shares -vocsproot -- Create/delete web virtual roots for OCSP web proxy -addEnrollmentServer -- Add an Enrollment Server application -deleteEnrollmentServer -- Delete an Enrollment Server application -oid -- Display ObjectId or set display name -error -- Display error code message text -getreg -- Display registry value -setreg -- Set registry value -delreg -- Delete registry value -ImportKMS -- Import user keys and certificates into server database fo r key archival -ImportCert -- Import a certificate file into the database -GetKey -- Retrieve archived private key recovery blob -RecoverKey -- Recover archived private key -MergePFX -- Merge PFX files -ConvertEPF -- Convert PFX files to EPF file -? -- Display this usage message CertUtil -? -- Display a verb list (command list) CertUtil -dump -? -- Display help text for the "dump" verb CertUtil -v -? -- Display all help text for all verbs CertUtil: -? command completed successfully. MowGreen ================ *-343-* FDNY Never Forgotten ================ banthecheck.com "Security updates should *never* have *non-security content* prechecked
From: VanguardLH on 29 Jul 2010 15:48 MowGreen wrote: > Andreas Moroder wrote: > >> is it possible to get from the commandline a list of the certificates >> that are installed for the user that is logged in ? > > Here's all the command for certutil - > > certutil /? > <snipped the command syntax listing> > > CertUtil: -? command completed successfully. > <snipped the non-signature signature> certutil is part of Certificate Services which is available with a *server* version of Windows, not a workstation version, like XP (the topic of this newsgroup). I didn't see it available as one of the free utils from the W2K ResKit at ftp://ftp.microsoft.com/ResKit/win2000/ but maybe it is available in the full ResKit (which you pay for). If the OP has a server version of Windows available (and that's where they actually want to get a list of their certs), or they have a Reskit (if it includes this utility), or the executable can be copied from a server version of Windows to the XP version and still work there (without the cert server running on their XP host) then it might work for the OP. One possiblity would be to run certutil on Windows Server but specify that it interrogate a different host than on which it executes (but I didn't see a "hostname" parameter to specify a non-local host). http://technet.microsoft.com/en-us/library/cc738780(WS.10).aspx http://technet.microsoft.com/en-us/library/cc732443(WS.10).aspx http://technet.microsoft.com/en-us/library/cc772898(WS.10).aspx
From: Andreas Moroder on 30 Jul 2010 05:46 > For the logged in User you can open Internet Options > Content > > Certificates > > Here's all the command for certutil - > > certutil /? > > Verbs: > -dump -- Dump configuration information or files > -asn -- Parse ASN.1 file .... > -CredStore -- Display, add or delete Credential Store entries ..... Hello, the version I have on my XP machine does not know the parameter -credstore The version on our Win2008 and Win2008R2 know this parameter but don't run on my XP because they are X64. Bye Andreas
From: MowGreen on 30 Jul 2010 12:10 Andreas Moroder wrote: >> For the logged in User you can open Internet Options > Content > >> Certificates >> >> Here's all the command for certutil - >> >> certutil /? >> >> Verbs: >> -dump -- Dump configuration information or files >> -asn -- Parse ASN.1 file > ... >> -CredStore -- Display, add or delete Credential Store entries > .... > > Hello, > > the version I have on my XP machine does not know the parameter -credstore > The version on our Win2008 and Win2008R2 know this parameter but don't > run on my XP because they are X64. > > Bye > Andreas > > > > Andreas, From: http://support.microsoft.com/kb/934576 " The only version of Certutil.exe that Windows XP supports is available in the Microsoft Windows Server 2003 Administration Pack. To download the Windows Server 2003 Administration Pack, visit the following Microsoft Web site: http://www.microsoft.com/downloads/details.aspx?FamilyID=C16AE515-C8F4-47EF-A1E4-A8DCBACFF8E3&displaylang=en If you have update 907247 installed on Windows XP SP2, the version of Certutil.exe that supports the -pulse command is available in the SP1 version of the Windows Server 2003 Administration Pack. To download it, visit the following Microsoft Web site: http://www.microsoft.com/downloads/details.aspx?FamilyID=e487f885-f0c7-436a-a392-25793a25bad7&DisplayLang=en " MowGreen ================ *-343-* FDNY Never Forgotten ================ banthecheck.com "Security updates should *never* have *non-security content* prechecked
|
Next
|
Last
Pages: 1 2 Prev: Local Power User on domain Next: Realation between Guests and Users groups |