The Certificate Manager tool manages certificates, certificate trust lists (CTL), and Certificate Revocation Lists (CRL ).
Certmgr [/Add |/del |/put] [Options] [/s [/R registrylocation] [sourcestorename] [/s [/R registrylocation] [destinationstorename]
Parameters
Parameters |
Description |
Sourcestorename |
StorefileType or system storage area type input certificate storage area. |
Destinationstorename |
Output The certificate storage area or file. |
Option |
Description |
/Add |
Add the certificate, CTL, and CRL to the certificate storage area. |
/All |
When/AddAdd all items when used together. When/DelDelete all items when used together. Without/AddOr/DeleteAll items are displayed./AllThe option cannot match/Put. |
/C |
When/AddAdd a certificate when used together. When/DelDelete the certificate when used together. When/PutSave the certificate. Without/Add,/DeleteOr/PutThe certificate is displayed. |
/CRL |
Add or delete CRl. Without/Add,/DeleteOr/PutOption displays CRl. |
/CTL |
Add or delete CTL. Without/Add,/DeleteOr/PutShow CTL when using the options. |
/Delete |
Deletes the certificate, CTL, and CRL from the specified certificate store. |
/E Encodingtype |
Specifies the certificate encoding type. |
/F Dwflags |
Specifies the storage area opening flag. This is passedCertopenstoreOfDwflagsParameters. The default value is cert_system_store_current_user. Only when used/YOption. |
/H[ELP] |
Displays the command syntax and options of the tool. |
/N CommonName string |
Specifies the public name of the certificate to be added, deleted, or saved. This option can only be used for certificates and cannot be used for CTL or CRl. |
/Put |
Save the X.509 Certificate, CTL, or CRL in the certificate store to a file. The file will be saved in X.509 format./7Options can be/PutOption to save the file in PKCS #7 format./PutThe options must be followed/C,/CTLOr/CRL./AllThe option cannot match/Put. |
/R Registry location |
The Registry location of the system storage area. Only when/SOption.Registry locationMust be one of the following values:
|
/S |
Indicates that the certificate store is a system store. If this option is not specified, the bucket isStorefile. |
/Sha1 Sha1hash |
Specifies the sha1 hash of the certificate, CTL, or CRL to be added, deleted, or saved. |
/V |
Specify the verbose mode. Displays details about the certificate, CTL, and CRL. This option cannot match/Add,/DeleteOr/PutOption. |
/Y Storeprovidertype |
Provided by the specified storage areaProgramType. |
/7 |
Save the target bucket as a PKCS #7 object. |
/? |
Displays the command syntax and options of the tool. |
Remarks
Certmgr.exe performs the following basic functions:
Display certificates, CTL, and CRL on the console.
Add the certificate, CTL, and CRL to the certificate storage area.
Delete certificates, CTL, and CRL from the certificate store.
Save the X.509 Certificate, CTL, or CRL in the certificate store to a file.
Certmgr.exe uses two types of certificate storage areas:StorefileAnd system storage area. It does not necessarily mean that the certificate certmgr.exe in the storage area can identify the storage area type and perform appropriate operations.
If you do not specify any options when running certmgr.exe, a GUI is started to help you execute certificate management tasks that can be accessed through command lines. The GUI provides an import wizard that copies certificates, CTL, and CRL from the disk to the certificate store.
For more information about certificates, see the "about CryptoAPI" section in the Microsoft platform SDK documentation.
Example
The following command displaysMyThe default system storage area that contains detailed output.
Certmgr/v/s my
The following command is namedMyfile. extTo add all certificates in the file namedNewfile. ext.
Certmgr/Add/All/C myfile. Ext newfile. ext
The following command willMyThe system storage area has a public nameMycertTo a certificate namedNewcert. Cer.
Certmgr/Add/C/N mycert/s my newcert. Cer
Delete the following commandMyAll the ctl in the system storage area, and save the result storage area toNewstore. Str.
Certmgr/del/All/CTL/s my newstore. Str
The following command willMyA certificate in the system storage area is stored in a fileNewfile. You will be prompted to enterMyTo be placed inNewfileThe certificate number in.
Certmgr/Put/C/S my newfile