Export (0) Print
Expand All

The Certutil.exe Command Line Tool

Published: October 7, 2009

Updated: May 24, 2010

Applies To: Windows Server 2008 R2

You use the Certutil.exe command line tool to display information about the digital certificates that are installed on a DirectAccess client, DirectAccess server, or intranet resource.

The following is an example of the output from the certutil –store my command on the DirectAccess client in the DirectAccess test lab (http://go.microsoft.com/fwlink/?Linkid=150613).

================ Certificate 0 ================
Serial Number: 61b96b4300000000000b
Issuer: CN=corp-DC1-CA, DC=corp, DC=contoso, DC=com
 NotBefore: 8/28/2009 11:57 AM
 NotAfter: 8/28/2010 11:57 AM
Subject: CN=CLIENT2.corp.contoso.com
Certificate Template Name (Certificate Type): Machine
Non-root Certificate
Template: Machine, Computer
Cert Hash(sha1): d2 48 b0 ac d0 75 d2 17 d3 a2 52 73 03 fb 6d 93 05 d6 c5 9c
  Key Container = 7658bfbea27b8a8b1a912b2792198aa7_81cb8b83-9acb-41a0-a19f-615d9
  Simple container name: le-Machine-e4918f29-7e62-48c3-a958-445f367d773d
  Provider = Microsoft RSA SChannel Cryptographic Provider
Private key is NOT exportable
Encryption test passed
CertUtil: -store command completed successfully.

To determine the subject, enhanced key usage (EKU), and certificate revocation list (CRL) distribution points fields of installed certificates for DirectAccess troubelshooting, use the certutil -v –store my > cert.txt command and then view the contents of the Cert.txt file.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft