Windows XP Community - XPHeads



Driver Scanner

list of certificates from cmd

microsoft.public.windowsxp.security_admin




Recommended Fix - Fix Vista Errors and Optimize Performance


Driver Scanner 2009 - Free Scan Now
Reply
  #1 (permalink)  
Old 07-29-2010, 08:53 AM
Andreas Moroder
 
Posts: n/a
list of certificates from cmd
Hello,

is it possible to get from the commandline a list of the certificates
that are installed for the user that is logged in ?

Thanks
Andreas
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 07-29-2010, 02:45 PM
MowGreen
 
Posts: n/a
Re: list of certificates from cmd
Andreas Moroder wrote:
> Hello,
>
> is it possible to get from the commandline a list of the certificates
> that are installed for the user that is logged in ?
>
> Thanks
> Andreas



For the logged in User you can open Internet Options > Content >
Certificates

Here's all the command for certutil -

certutil /?

Verbs:
-dump -- Dump configuration information or files
-asn -- Parse ASN.1 file

-decodehex -- Decode hexadecimal-encoded file
-decode -- Decode Base64-encoded file
-encode -- Encode file to Base64

-deny -- Deny pending request
-resubmit -- Resubmit pending request
-setattributes -- Set attributes for pending request
-setextension -- Set extension for pending request
-revoke -- Revoke Certificate
-isvalid -- Display current certificate disposition

-getconfig -- Get default configuration string
-ping -- Ping Active Directory Certificate Services
Request interf
ace
-pingadmin -- Ping Active Directory Certificate Services Admin
interfac
e
-CAInfo -- Display CA Information
-ca.cert -- Retrieve the CA's certificate
-ca.chain -- Retrieve the CA's certificate chain
-GetCRL -- Get CRL
-CRL -- Publish new CRLs [or delta CRLs only]
-shutdown -- Shutdown Active Directory Certificate Services

-installCert -- Install Certification Authority certificate
-renewCert -- Renew Certification Authority certificate

-schema -- Dump Certificate Schema
-view -- Dump Certificate View
-db -- Dump Raw Database
-deleterow -- Delete server database row

-backup -- Backup Active Directory Certificate Services
-backupDB -- Backup Active Directory Certificate Services
database
-backupKey -- Backup Active Directory Certificate Services
certificate
and private key
-restore -- Restore Active Directory Certificate Services
-restoreDB -- Restore Active Directory Certificate Services
database
-restoreKey -- Restore Active Directory Certificate Services
certificate
and private key
-importPFX -- Import certificate and private key
-dynamicfilelist -- Display dynamic file List
-databaselocations -- Display database locations
-hashfile -- Generate and display cryptographic hash over a file

-store -- Dump certificate store
-addstore -- Add certificate to store
-delstore -- Delete certificate from store
-verifystore -- Verify certificate in store
-repairstore -- Repair key association or update certificate
properties o
r key security descriptor
-viewstore -- Dump certificate store
-viewdelstore -- Delete certificate from store

-dsPublish -- Publish certificate or CRL to Active Directory

-ADTemplate -- Display AD templates
-Template -- Display Enrollment Policy templates
-TemplateCAs -- Display CAs for template
-CATemplates -- Display templates for CA
-enrollmentServerURL -- Display, add or delete enrollment server URLs
associat
ed with a CA
-ADCA -- Display AD CAs
-CA -- Display Enrollment Policy CAs
-Policy -- Display Enrollment Policy
-PolicyCache -- Display or delete Enrollment Policy Cache entries
-CredStore -- Display, add or delete Credential Store entries
-InstallDefaultTemplates -- Install default certificate templates
-URLCache -- Display or delete URL cache entries
-pulse -- Pulse autoenrollment events
-MachineInfo -- Display Active Directory machine object information
-DCInfo -- Display domain controller information
-EntInfo -- Display enterprise information
-TCAInfo -- Display CA information
-SCInfo -- Display smart card information

-SCRoots -- Manage smart card root certificates

-verifykeys -- Verify public/private key set
-verify -- Verify certificate, CRL or chain
-sign -- Re-sign CRL or certificate

-vroot -- Create/delete web virtual roots and file shares
-vocsproot -- Create/delete web virtual roots for OCSP web proxy
-addEnrollmentServer -- Add an Enrollment Server application
-deleteEnrollmentServer -- Delete an Enrollment Server application
-oid -- Display ObjectId or set display name
-error -- Display error code message text
-getreg -- Display registry value
-setreg -- Set registry value
-delreg -- Delete registry value

-ImportKMS -- Import user keys and certificates into server
database fo
r key archival
-ImportCert -- Import a certificate file into the database
-GetKey -- Retrieve archived private key recovery blob
-RecoverKey -- Recover archived private key
-MergePFX -- Merge PFX files
-ConvertEPF -- Convert PFX files to EPF file
-? -- Display this usage message


CertUtil -? -- Display a verb list (command list)
CertUtil -dump -? -- Display help text for the "dump" verb
CertUtil -v -? -- Display all help text for all verbs

CertUtil: -? command completed successfully.


MowGreen
================
*-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 07-29-2010, 07:48 PM
VanguardLH
 
Posts: n/a
Re: list of certificates from cmd
MowGreen wrote:

> Andreas Moroder wrote:
>
>> is it possible to get from the commandline a list of the certificates
>> that are installed for the user that is logged in ?

>
> Here's all the command for certutil -
>
> certutil /?
>

<snipped the command syntax listing>
>
> CertUtil: -? command completed successfully.
>

<snipped the non-signature signature>

certutil is part of Certificate Services which is available with a
*server* version of Windows, not a workstation version, like XP (the
topic of this newsgroup). I didn't see it available as one of the free
utils from the W2K ResKit at ftp://ftp.microsoft.com/ResKit/win2000/ but
maybe it is available in the full ResKit (which you pay for).

If the OP has a server version of Windows available (and that's where
they actually want to get a list of their certs), or they have a Reskit
(if it includes this utility), or the executable can be copied from a
server version of Windows to the XP version and still work there
(without the cert server running on their XP host) then it might work
for the OP. One possiblity would be to run certutil on Windows Server
but specify that it interrogate a different host than on which it
executes (but I didn't see a "hostname" parameter to specify a non-local
host).

http://technet.microsoft.com/en-us/l...80(WS.10).aspx
http://technet.microsoft.com/en-us/l...43(WS.10).aspx
http://technet.microsoft.com/en-us/l...98(WS.10).aspx
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 07-30-2010, 09:46 AM
Andreas Moroder
 
Posts: n/a
Re: list of certificates from cmd
> For the logged in User you can open Internet Options > Content >
> Certificates
>
> Here's all the command for certutil -
>
> certutil /?
>
> Verbs:
> -dump -- Dump configuration information or files
> -asn -- Parse ASN.1 file

....
> -CredStore -- Display, add or delete Credential Store entries

.....

Hello,

the version I have on my XP machine does not know the parameter -credstore
The version on our Win2008 and Win2008R2 know this parameter but don't
run on my XP because they are X64.

Bye
Andreas




Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 07-30-2010, 04:10 PM
MowGreen
 
Posts: n/a
Re: list of certificates from cmd
Andreas Moroder wrote:
>> For the logged in User you can open Internet Options > Content >
>> Certificates
>>
>> Here's all the command for certutil -
>>
>> certutil /?
>>
>> Verbs:
>> -dump -- Dump configuration information or files
>> -asn -- Parse ASN.1 file

> ...
>> -CredStore -- Display, add or delete Credential Store entries

> ....
>
> Hello,
>
> the version I have on my XP machine does not know the parameter -credstore
> The version on our Win2008 and Win2008R2 know this parameter but don't
> run on my XP because they are X64.
>
> Bye
> Andreas
>
>
>
>


Andreas,

From: http://support.microsoft.com/kb/934576

" The only version of Certutil.exe that Windows XP supports is available
in the Microsoft Windows Server 2003 Administration Pack. To download
the Windows Server 2003 Administration Pack, visit the following
Microsoft Web site:
http://www.microsoft.com/downloads/d...displaylang=en



If you have update 907247 installed on Windows XP SP2, the version of
Certutil.exe that supports the -pulse command is available in the SP1
version of the Windows Server 2003 Administration Pack. To download it,
visit the following Microsoft Web site:
http://www.microsoft.com/downloads/d...DisplayLang=en
"



MowGreen
================
*-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 08-02-2010, 05:38 AM
Andreas Moroder
 
Posts: n/a
Re: list of certificates from cmd
> Andreas,
>
> From: http://support.microsoft.com/kb/934576
>
> " The only version of Certutil.exe that Windows XP supports is available
> in the Microsoft Windows Server 2003 Administration Pack. To download
> the Windows Server 2003 Administration Pack, visit the following
> Microsoft Web site:
> http://www.microsoft.com/downloads/d...displaylang=en
>
>
>
> If you have update 907247 installed on Windows XP SP2, the version of
> Certutil.exe that supports the -pulse command is available in the SP1
> version of the Windows Server 2003 Administration Pack. To download it,
> visit the following Microsoft Web site:
> http://www.microsoft.com/downloads/d...DisplayLang=en
> "
>
>
>
> MowGreen


Thank you very much.

this wuld be a big work for a simple thing.

Whit what parameters do I have to run certutil to get a list of this two
stores ?
"Trusted Root" and "Trusted Publisher"

Bye
Andreas



Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 08-02-2010, 03:53 PM
MowGreen
 
Posts: n/a
Re: list of certificates from cmd
Andreas Moroder wrote:
> Thank you very much.
>
> this wuld be a big work for a simple thing.
>
> Whit what parameters do I have to run certutil to get a list of this two
> stores ?
> "Trusted Root" and "Trusted Publisher"
>
> Bye
> Andreas
>
>




For the logged in User you can open Control Panel > Internet Options >
Content > Certificates


MowGreen
================
*-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 08-05-2010, 05:14 AM
Andreas Moroder
 
Posts: n/a
Re: list of certificates from cmd
> For the logged in User you can open Control Panel > Internet Options >
> Content > Certificates
>
>
> MowGreen

Hello,

I knew this. The problem is, that my windows is german and instructions
to install certificates for a certain program are in english. The names
of the stores are translated in the gui, certutil uses the orginal names.

Bye
Andreas
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 10:06 PM.




Recommended Download



Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.1.0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74