CertMgr
CertMgr (Certmgr.exe) is a command-line CryptoAPI tool that manages certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs).
CertMgr supports a large number of switches, but this section describes only those that are relevant to managing test certificates within a certificate store.
Partial list of operations, switches, and arguments
Operations
add
Configures CertMgr to add certificates, CTLs, or CRLs from the file specified by SourceName to the certificate store specified by DestinationName.
del
Configures CertMgr to delete certificates, CTLs, or CRLs in the certificate store specified by SourceName from the certificate store specified by DestinationName. If DestinationName is not specified, SourceName will also serve as the destination store and will be modified.
put
Configures CertMgr to save certificates, CTLs, or CRLs from the certificate store specified by SourceName to a file specified by DestinationName.
none
If no command is specified, CertMgr displays all the certificates, CTLs, or CRLs in the certificate store or file specified by SourceName.
Switches and Arguments
/c
Configures CertMgr to only process certificates from the file specified by SourceName.
/CTL
Configures CertMgr to only process CTLs from the file specified by SourceName.
/CRL
Configures CertMgr to only process CRLs from the file specified by SourceName.
/s
Configures CertMgr to access the certificate store specified by SourceName or DestinationName as a system store.
/r registryLocation
Specifies the registry location of the system certificate store. The /r switch is only valid when used with the /s switch. The registryLocation argument must be either:
currentUser
Specifies the registry location HKEY_CURRENT_USER.
localMachine
Specifies the registry location HKEY_LOCAL_MACHINE.
If the /r switch is not specified along with the /s switch, currentUser is the default.
For more information about these certificate stores, see Certificate Stores.
/v
Configures CertMgr to display detailed information about certificates, CTLs, and CRLs. If this switch is not specified, CertMgr only displays brief information.
Comments
To use CertMgr, the user must be a member of the Administrators group on the system and run the command from an elevated command prompt.
For a complete list of CertMgr parameters, see the Certificate Manager Tool website.
A 32-bit version of the CertMgr tool is located in the bin\i386 folder of the WDK. A 64-bit version of the tool is located in the bin\amd64 and bin\ia64 folders of the WDK.
Certmgr.msc или диспетчер сертификатов в Windows 10/8/7
Диспетчер сертификатов или Certmgr.msc в Windows позволяет просматривать сведения о ваших сертификатах, экспортировать, импортировать, изменять, удалять или запрашивать новые сертификаты. Корневые сертификаты — это цифровые документы, используемые для управления сетевой аутентификацией и обменом информацией.
Управление сертификатами с помощью диспетчера сертификатов или Certmgr.msc
Консоль диспетчера сертификатов является частью консоли управления Microsoft в Windows 10/8/7. MMC содержит различные инструменты, которые можно использовать для функций управления и обслуживания. Как упоминалось ранее, используя certmgr.msc, вы можете просматривать свои сертификаты, а также изменять, импортировать, экспортировать, удалять или запрашивать новые.
Для управления сертификатами в меню WinX в Windows выберите «Выполнить». Введите certmgr.msc в поле «Выполнить» и нажмите Enter. Помните, что вам нужно будет войти в систему как администратор. Диспетчер сертификатов откроется.
Вы увидите, что все сертификаты хранятся в разных папках в разделе Сертификаты — текущий пользователь . Когда вы откроете любую папку сертификатов, вы увидите, что сертификаты отображаются на правой панели. На правой панели вы увидите такие столбцы, как «Выдан», «Выдан», «Срок действия», «Назначение», «Понятное имя», «Статус» и «Шаблон сертификата». В столбце «Предполагаемые цели» указано, для чего используется каждый сертификат.
Используя диспетчер сертификатов, вы можете запросить новый сертификат с тем же ключом или другим ключом. Вы также можете экспортировать или импортировать сертификат. Чтобы выполнить какое-либо действие, выберите сертификат, щелкните меню «Действие»> «Все задачи», а затем щелкните нужную команду действия. Вы также можете щелкнуть правой кнопкой мыши контекстное меню, чтобы выполнить эти действия.
Если вы хотите экспортировать или импортировать сертификаты , откроется простой в использовании мастер, который выполнит необходимые действия.
Следует отметить, что Certmgr.msc является оснасткой консоли управления Microsoft, тогда как Certmgr.exe является утилитой командной строки. Если вы хотите узнать о параметрах командной строки в certmgr.exe, вы можете посетить MSDN.
Прочтите это, если получите. Проблема с сертификатом безопасности этого веб-сайта в сообщении IE.
Certmgr.exe (Certificate Manager Tool)
The Certificate Manager tool (Certmgr.exe) manages certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs).
The Certificate Manager is automatically installed with Visual Studio. To start the tool, use the Command Prompts.
The Certificate Manager tool (Certmgr.exe) is a command-line utility, whereas Certificates (Certmgr.msc) is a Microsoft Management Console (MMC) snap-in. Because Certmgr.msc is usually found in the Windows System directory, entering certmgr at the command line may load the Certificates MMC snap-in even if you have opened the Developer Command Prompt for Visual Studio. This occurs because the path to the snap-in precedes the path to the Certificate Manager tool in the PATH environment variable. If you encounter this problem, you can execute Certmgr.exe commands by specifying the path to the executable.
This tool is automatically installed with Visual Studio. To run the tool, use the Developer Command Prompt for Visual Studio (or the Visual Studio Command Prompt in Windows 7). For more information, see Command Prompts.
For an overview of X.509 certificates, see Working with Certificates.
At the command prompt, type the following:
Syntax
Parameters
| Argument | Description |
|---|---|
| sourceStorename | The certificate store that contains the existing certificates, CTLs, or CRLs to add, delete, save, or display. This can be a store file or a systems store. |
| destinationStorename | The output certificate store or file. |
| Option | Description |
|---|---|
| /add | Adds certificates, CTLs, and CRLs to a certificate store. |
| /all | Adds all entries when used with /add. Deletes all entries when used with /del. Displays all entries when used without the /add or /del options. The /all option cannot be used with /put. |
| /c | Adds certificates when used with /add. Deletes certificates when used with /del. Saves certificates when used with /put. Displays certificates when used without the /add, /del, or /put option. |
| /CRL | Adds CRLs when used with /add. Deletes CRLs when used with /del. Saves CRLs when used with /put. Displays CRLs when used without the /add, /del, or /put option. |
| /CTL | Adds CTLs when used with /add. Deletes CTLs when used with /del. Saves CTLs when used with /put. Displays CTLs when used without the /add, /del, or /put option. |
| /del | Deletes certificates, CTLs, and CRLs from a certificate store. |
| /e encodingType | Specifies the certificate encoding type. The default is X509_ASN_ENCODING . |
| /f dwFlags | Specifies the store open flag. This is the dwFlags parameter passed to CertOpenStore. The default value is CERT_SYSTEM_STORE_CURRENT_USER. This option is considered only if the /y option is used. |
| /h[elp] | Displays command syntax and options for the tool. |
| /n nam | Specifies the common name of the certificate to add, delete, or save. This option can only be used with certificates; it cannot be used with CTLs or CRLs. |
| /put | Saves an X.509 certificate, CTL, or CRL from a certificate store to a file. The file is saved in X.509 format. You can use the /7 option with the /put option to save the file in PKCS #7 format. The /put option must be followed by either /c, /CTL, or /CRL. The /all option cannot be used with /put. |
| /r location | Identifies the registry location of the system store. This option is considered only if you specify the /s option. location must be one of the following: — currentUser indicates that the certificate store is under the HKEY_CURRENT_USER key. This is the default. |
| /s | Indicates that the certificate store is a system store. If you do not specify this option, the store is considered to be a StoreFile. |
| /sha1 sha1Hash | Specifies the SHA1 hash of the certificate, CTL, or CRL to add, delete, or save. |
| /v | Specifies verbose mode; displays detailed information about certificates, CTLs, and CRLs. This option cannot be used with the /add, /del, or /put options. |
| /y provider | Specifies the store provider name. |
| /7 | Saves the destination store as a PKCS #7 object. |
| /? | Displays command syntax and options for the tool. |
Remarks
Certmgr.exe performs the following basic functions:
Displays certificates, CTLs, and CRLs to the console.
Adds certificates, CTLs, and CRLs to a certificate store.
Deletes certificates, CTLs, and CRLs from a certificate store.
Saves an X.509 certificate, CTL, or CRL from a certificate store to a file.
Certmgr.exe works with two types of certificate stores: StoreFile and system store. It is not necessary to specify the type of certificate store; Certmgr.exe can identify the store type and perform the appropriate operations.
Running Certmgr.exe without specifying any options launches the certmgr.msc snap-in, which has a GUI that helps with the certificate management tasks that are also available from the command line. The GUI provides an import wizard, which copies certificates, CTLs, and CRLs from your disk to a certificate store.
You can find the names of X509Certificate stores for the sourceStorename and destinationStorename parameters by compiling and running the following code.
For more information about certificates, see Working with Certificates.
Examples
The following command displays a default system store called my with verbose output.
The following command adds all the certificates in a file called myFile.ext to a new file called newFile.ext .
The following command adds the certificate in a file named testcert.cer to the my system store.
The following command adds the certificate in a file named TrustedCert.cer to the root certificate store.
The following command saves a certificate with the common name myCert in the my system store to a file called newCert.cer .
The following command deletes all CTLs in the my system store and saves the resulting store to a file called newStore.str .
The following command saves a certificate in the my system store in the file newFile . You will be prompted to enter the certificate number from my to put in newFile .