Certificate Manager tool (certmgr.exe)

The Certificate Manager tool manages certificates, certificate trust lists (CTL), and Certificate Revocation Lists (CRL ).

 
Certmgr [/Add |/del |/put] [Options] [/s [/R registrylocation] [sourcestorename] [/s [/R registrylocation] [destinationstorename]
 

 

Parameters

Parameters	Description
Sourcestorename	StorefileType or system storage area type input certificate storage area.
Destinationstorename	Output The certificate storage area or file.

Option	Description
/Add	Add the certificate, CTL, and CRL to the certificate storage area.
/All	When/AddAdd all items when used together. When/DelDelete all items when used together. Without/AddOr/DeleteAll items are displayed./AllThe option cannot match/Put.
/C	When/AddAdd a certificate when used together. When/DelDelete the certificate when used together. When/PutSave the certificate. Without/Add,/DeleteOr/PutThe certificate is displayed.
/CRL	Add or delete CRl. Without/Add,/DeleteOr/PutOption displays CRl.
/CTL	Add or delete CTL. Without/Add,/DeleteOr/PutShow CTL when using the options.
/Delete	Deletes the certificate, CTL, and CRL from the specified certificate store.
/E Encodingtype	Specifies the certificate encoding type.
/F Dwflags	Specifies the storage area opening flag. This is passedCertopenstoreOfDwflagsParameters. The default value is cert_system_store_current_user. Only when used/YOption.
/H[ELP]	Displays the command syntax and options of the tool.
/N CommonName string	Specifies the public name of the certificate to be added, deleted, or saved. This option can only be used for certificates and cannot be used for CTL or CRl.
/Put	Save the X.509 Certificate, CTL, or CRL in the certificate store to a file. The file will be saved in X.509 format./7Options can be/PutOption to save the file in PKCS #7 format./PutThe options must be followed/C,/CTLOr/CRL./AllThe option cannot match/Put.
/R Registry location	The Registry location of the system storage area. Only when/SOption.Registry locationMust be one of the following values: CurrentuserIndicates that the certificate store is in the HKEY_CURRENT_USER key. This is the default value. LocalmachineIndicates that the certificate store is in the HKEY_LOCAL_MACHINE key.
/S	Indicates that the certificate store is a system store. If this option is not specified, the bucket isStorefile.
/Sha1 Sha1hash	Specifies the sha1 hash of the certificate, CTL, or CRL to be added, deleted, or saved.
/V	Specify the verbose mode. Displays details about the certificate, CTL, and CRL. This option cannot match/Add,/DeleteOr/PutOption.
/Y Storeprovidertype	Provided by the specified storage areaProgramType.
/7	Save the target bucket as a PKCS #7 object.
/?	Displays the command syntax and options of the tool.

Remarks

Certmgr.exe performs the following basic functions:

• Display certificates, CTL, and CRL on the console.

• Add the certificate, CTL, and CRL to the certificate storage area.

• Delete certificates, CTL, and CRL from the certificate store.

• Save the X.509 Certificate, CTL, or CRL in the certificate store to a file.

Certmgr.exe uses two types of certificate storage areas:StorefileAnd system storage area. It does not necessarily mean that the certificate certmgr.exe in the storage area can identify the storage area type and perform appropriate operations.

If you do not specify any options when running certmgr.exe, a GUI is started to help you execute certificate management tasks that can be accessed through command lines. The GUI provides an import wizard that copies certificates, CTL, and CRL from the disk to the certificate store.

For more information about certificates, see the "about CryptoAPI" section in the Microsoft platform SDK documentation.

Example

The following command displaysMyThe default system storage area that contains detailed output.

 
Certmgr/v/s my
 

The following command is namedMyfile. extTo add all certificates in the file namedNewfile. ext.

 
Certmgr/Add/All/C myfile. Ext newfile. ext
 

The following command willMyThe system storage area has a public nameMycertTo a certificate namedNewcert. Cer.

 
Certmgr/Add/C/N mycert/s my newcert. Cer
 

Delete the following commandMyAll the ctl in the system storage area, and save the result storage area toNewstore. Str.

 
Certmgr/del/All/CTL/s my newstore. Str
 

The following command willMyA certificate in the system storage area is stored in a fileNewfile. You will be prompted to enterMyTo be placed inNewfileThe certificate number in.

 
Certmgr/Put/C/S my newfile