100 questions
0
votes
0
answers
207
views
certutil commands to check certificate and verify hash equivalent to openssl
I use two openssl commands to verify a certificate file:
openssl x509 -in <CERT_FILE> -noout
and verify a signature file:
openssl cms -verify -binary -content <INPUT_FILE> -inform PEM -...
- 1,098
0
votes
0
answers
96
views
Openssl 3.4.1 verify Certificates Fail
I tried using openssl verify to verify the end-entity certificate. The certificate chain is root -> CA -> cert, and I used the command: openssl verify -CAfile ca_root.der -untrusted ca_kdh.der ...
0
votes
2
answers
73
views
Output each checksum with its corresponding filename to seperate lines in a text file
I'm trying to output a checksum for six hundred tif files in a directory. I want each line to show the checksum followed by its respective file name.
For example:
b1039a6f0c4295916a82833f507f5e78 ...
- 11
2
votes
1
answer
4k
views
SSRS SSL HTTPS binding already exists for the specified IP address and port Error when trying to add SSL CERT
I'm trying to configure SSRS with SSL, when I try to add my SSL Cert via Reporting Services Configuration Manager, I get the following error;
Microsoft.ReportingServices.WmiProvider....
0
votes
1
answer
3k
views
certutil -addstore -user -f Root gives error_access_denied, although run as admin
Trying to install a certificate file (xxx.cer) to the user's root certificate list with the following command
certutil -addstore -user -f Root .\xxx.cer
results in the error message
CertUtil: -...
- 125
1
vote
1
answer
678
views
CRL is expired, but ChainStatus is telling me RevocationStatusUnknown
I am doing a chain validation with this
var ca = new X509Certificate2(caBytes);
var intermediate = new X509Certificate2(intermediateBytes);
chain.ChainPolicy.TrustMode = X509ChainTrustMode....
- 5,214
3
votes
1
answer
6k
views
Error using certutil -MergePFX - The system cannot find the file specified
I have previously used the certutil program to successfully convert a .CER formatted SSL certificate to .PFX format using the syntax
certutil -MergePFX mycert.cer mycert.pfx
as suggested in an answer ...
- 423
0
votes
1
answer
843
views
"The parameter is incorrect" error using "netsh http add sslcert" on Windows Server 2022
I have an "The parameter is incorrect." error on Windows Server 2022
I obtain the appid from certutil -store "MY" %SSL_DOMAIN% ^| find "Key Container"
Cert Hash(sha1): ...
0
votes
0
answers
3k
views
Decoding Base64 files in windows
So I have been tasked with automating getting certs for 1000 devices. And have been working though converting a Linux script to windows to match up with other scripts we have for other sections for ...
1
vote
1
answer
270
views
How to iterate through FOR IN outputs with IF statements in Windows Batch?
I have a directory of files, a HashControlFile.txt which contains the SHA256 sum calculated from the files in the directory, and a need to iterate through these files in a way that calculates and ...
0
votes
1
answer
3k
views
DDEV Install "unable to locate the package certutil"
I am trying to run Drupal on DDEV. In an administrative window, I installed mkcert v1.4.4. I have successfully installed Docker, Ubuntu 2204.1.6 and DDEV. When I run sudo apt-get update && ...
- 51
-1
votes
1
answer
941
views
Issues adding my own custom CA in Firefox after updating to newer version
I had Firefox 52.7.0 on my Linux host which is running fine.
Also, I have my own CA certificate which I add using certutil command:
$ certutil -d ~/.mozilla/firefox/profiledir -A -n myca -i ./myca.pem ...
- 710
3
votes
0
answers
6k
views
'CertUtil' is not recognized as the name of a cmdlet
I am trying to verify the validity of a package I downloaded (kubectl) using this command:
$($(CertUtil -hashfile .\kubectl.exe SHA256)[1] -replace " ", "") -eq $(type .\kubectl....
- 5,029
0
votes
1
answer
2k
views
How can I install a certificate on a remote machine with cmd (psexec)
I'm trying to install a certificate using cmd on a remote machine. Before you suggest PS please keep in mind I can't use PS since the remote machine is some custom Windows which doesn't have it.
So ...
- 181
1
vote
2
answers
6k
views
SHA256 hash doesn't match download - what now?
Hello stackoverflow World,
I'm investigating using the miniconda package manager for the first time.
I downloaded the files from here: https://docs.conda.io/en/latest/miniconda.html
I'm on a windows ...
- 31
1
vote
1
answer
5k
views
Certutil repair Code Signing Certificate in CurrentUser not LocalMachine
So this is my first time having this problem last time my code signing certificate was installed correct and without problems this time however the private key flag is missing from my certificate and ...
- 6,859
-1
votes
1
answer
299
views
Unhashing with certutil in batchfile
So I'm learning about hashing in Windows Batchfile and I was wondering if there is a simple way to unhash hashed text.
To hash the text, I have been using this:
set /p input=Text:
echo %input%>%...
- 35
0
votes
1
answer
4k
views
Get Issuing CA from certutil dump or by serial number (Windows Server PKI)
Is there any way to get the Certification Authority, that issued a certificate by a certutil command or by some interface where I can put the serial number of a certificate into?
Our company has ...
- 42
1
vote
1
answer
3k
views
Understanding elasticsearch certificate
I saw there are two type of certificate which is elastic-stack-ca.p12 and elastic-certificates.p12. What are the differences between these two certificate.
https://www.elastic.co/guide/en/...
- 91
1
vote
1
answer
2k
views
Replicating Certutil.exe's -decodehex output exactly
I have done a ton more research since I first posted this question and I think I had a few terms goofed up as well.
Dilemma: My company's Information Security team has flagged certutil.exe as a ...
- 602
1
vote
0
answers
2k
views
Is SHA-512 in "certutil" case insensitive?
I downloaded a file and used certutil to verify the integrity of a file I downloaded (command attached below). The uploader provided a SHA-512 hash with all letters capitalized, while certutil ...
- 13
0
votes
0
answers
2k
views
Certutil "Too Many Arguments" error when using python os.system command window
Trying to decode a simple file into a temporary text file using the code below:
os.system("start cmd /k certutil -f -decode \\SDHQFILE03.enxco.com\\arcgis\\General\\Solar\\R_and_D\\CodeLibrary\\...
3
votes
0
answers
442
views
certutil.exe is returning localized output
We have an PowerShell automation script that uses certutil.exe to list CA, issued certificates, etc... on a given Windows Server.
We wrapped some functions around a system Invoke of certutil.exe and ...
- 1,953
0
votes
1
answer
1k
views
Does certutil's -csp "Microsoft Platform Crypto Provider" option store the private key in the TPM?
Does certutil -csp "Microsoft Platform Crypto Provider" -importpfx options really store the private key in the TPM? I am wondering why the output of certutil -key -csp "Microsoft ...
- 439
1
vote
1
answer
592
views
Saving to file of same name as given path with different extension
What I wanna do: design a command for the Windows Powershell that lets a user input a path to a file they want to have the checksum of as well as their preferred checksum algorithm. The result should ...
- 363
2
votes
0
answers
412
views
SSL certutil Trusted Peer vs Trusted CA -t switch difference
I see two common patterns of using -t switch argument for the certutil tool
certutil ... -t "CT,c,c"
and
certutil ... -t "P,,"
when taking care of self-signed SSL certificates ...
- 6,671
0
votes
1
answer
1k
views
Running certutil -hashfile with standard inputs for filepath and hashtype (c++)
First time posting.
I am trying to write a simple program that takes a file path and a hash type from standard input, and outputs the corresponding hash using certutil. Later I would like to compare ...
-2
votes
1
answer
1k
views
From VBA to CMD - how insert result of command to cell [duplicate]
In cell (1, 1) I paste way to file.
Sub Command()
Shell "cmd.exe /c CertUtil -hashfile " & Range("A1") & " SHA512 > d:\files.txt"
End Sub
When I ...
4
votes
2
answers
5k
views
SEC_ERROR_ADDING_CERT: Error adding certificate to database
While trying to configure a valid SSL certificate for localhost on Ubuntu, I got the following error:
certutil -d sql:$HOME/.pki/nssdb -A -t "CT,c,c" -n "localhost" -i localhost....
- 2,831
1
vote
1
answer
1k
views
BATCH - Write a specific line of command output as a variable without temp files?
The code of certutil-hash.cmd:
@echo off
certutil -hashfile "%~dpnx0" md5
pause>nul
I want to save the whole second line with the hash value in a variable. CMD-Output:
MD5 hash from C:\...
- 13
0
votes
0
answers
73
views
Merging cmdlet outputs
I've been trying to solve this problem for a while but can't seem to find a decent solution.
I'm pulling the output of two certutil commands inside of a Powershell script:
certutil -View -config $...
- 21
0
votes
1
answer
2k
views
Certutil.exe connects to external resources
While performing certificate verification the certutil.exe connects to different external resources.
The util freezes for 5-10 seconds on the step CERT_CHAIN_POLICY_BASE, on endentity and even Root ...
- 3
0
votes
0
answers
624
views
How to generate one hash key for a directory in PowerShell?
This is what I am doing on linux
cat a-directory/* | md5
What would be the alternative in PowerShell, maybe something with CertUtil?
The reason I am doing this is that I want to make sure I can copy ...
- 535
1
vote
0
answers
6k
views
certutil export ALL certs using command prompt
I'm currently exporting a single file one at a time. anyone can help revise my command line to export ALL the certs from my store?
what i need to achieve is:
1) export all certs from my store into ...
- 23
3
votes
3
answers
9k
views
CertUtil Import pfx failed: NTE_NOT_SUPPORTED
I am attempting to set the KeySpec flag on an existing certificate for use in a SQL server encryption role. Current KeySpec is 0, and I need it to be a 1.
The way to do this is by first exporting ...
- 245
1
vote
1
answer
2k
views
x509Chain.build fails, certutil -verify passes
I have a root certificate and a leaf. The leaf has a CRL URL OID extension which points to a valid online location. Doing this:
certutil -verify .\leaf.cer
fails with
ERROR: Verifying leaf ...
- 15
0
votes
1
answer
5k
views
Restrict my certificate list on the basis of ExpirationDate in certutil -view -restrict cmd
Is there a way to restrict my certificate list on the basis of ExpirationDate of a certificate in certutil -view -restrict command?
I have nearly 2 million certificates. It is very hard to find in ...
- 75
1
vote
1
answer
1k
views
What is the certutil syntax to add in a modifier like "ExtendedProperties"
I am trying to find out where to put the modifier "ExtendedProperties" in the certutil -p "abcd" -exportPFX.... What would the syntax look like?
0
votes
1
answer
881
views
Ubuntu18 firefox Add trust to a exsisting certificate
Im using ubuntu18 desktop and i have added the certificates i need to firefox 73.0:
/usr/share/ca-certificates/mozilla
and also added it to :
/etc/ca-certificates.conf
At the end of the file like :
...
- 189
-3
votes
1
answer
287
views
Is there a base64 file encoding command that doesn't show up on screen?
I am well aware of certutil -encode, however in my use case I do not want the end user to see a console window open.
- 27
0
votes
1
answer
987
views
Visual Studio Extension certificate validation fails for Votive (Wix)
Installing Votive, an extension for Wix - Windows Installer fails for both Votive 2017 and Votive 2019 Visual Studio extension. The reason is a certificate validation error. How can you update your ...
- 3,940
3
votes
1
answer
2k
views
Add certificate to Trusted Publisher programmatically
I have a usb driver which is signed. I also have the certificate provided by the publisher.
If I try to install the driver with pnputil
pnputil /add-driver CerttName.cer /install
I'm asked if I want ...
- 22.1k
1
vote
1
answer
5k
views
Can’t use Mozilla’s cert9.db with certutil.exe
The following command: certutil.exe -L -d “C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1bku2z91.default-1633392324717\”
returns this error message: certutil.exe: function failed: ...
- 1,135
0
votes
1
answer
532
views
Is there any way to find out the hash value of two files?
I have the python code which generates the hash value of two files. The first file is located in c:\windows\system32\wscript.exe and another file which is the clone of the first file which is located ...
0
votes
0
answers
885
views
Windows 10 pro importing certificate through command line create a duplicate store
I am trying to import a certificate into my "Local computer" account under "Personal" certificate store.
Though when running one of the below 2 commands, the certificate is imported into a new ...
- 302
0
votes
1
answer
698
views
windows - Why firefox only trust certificate which certutil install?
I recent research about certificate in windows.
I try two different way to install certificate:
1. Use certutil command to install. ex: certutil -addstore -f "ROOT" rootCA.pem
2. Use Microsoft api to ...
- 25
2
votes
1
answer
4k
views
Importing .cer certificate from cmd
Importing a .cer certificate with certutil utility can't manage to match it with its private key although the certificate signing request was created on the same machine.
I'm using certreq to ...
- 471
0
votes
0
answers
222
views
Elevating permission error while running batch prom code
I am trying to remove old certificates from the os so i wrote a method for that:
public ActionResult DeleteOldCertificates(Session session)
{
try
{
return (...
- 4,508
0
votes
0
answers
68
views
Create CSR with 256 SANs
Have 256 iDRACs that have never had an SSL cert.
First I tried using a power-shell script to have the iDRACS themselves create the CSR individually,
Issue with that is, older versions of iDRAC will ...
- 1
0
votes
0
answers
1k
views
Certificate Revocation check failing in Windows Server 2016
Command
certuil.exe -verify
fails with the error - 'Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)' in Windows server 2016. The error is not seen in 2012 \ 2008.
Any ...
