CertUtil

certutil is a command-line utility included with Windows that provides access to the Certificate Services infrastructure. It is used by administrators to inspect, manage, and troubleshoot certificate stores, certificate enrollment, and related data within the Windows certificate framework.

The tool supports querying and manipulating certificate stores in both the current user and local machine contexts, including common stores such as Personal (My) and Trusted Root Certification Authorities. It can import and export certificates and certificate chains, and it offers encoding and decoding capabilities to convert certificates or request files between binary and text forms. certutil can verify a certificate, check its validity and chain status, and interact with a Certification Authority to enroll or renew certificates and to retrieve revocation information.

Common commands include listing certificates in a store (certutil -store my), adding a certificate to a store (certutil -addstore my path\cert.cer), and removing certificates (certutil -delstore my thumbprint). It can encode and decode data (certutil -encode infile outfile.txt, certutil -decode infile.txt outfile.cer) and verify files (certutil -verify file.cer).

While powerful, certutil is a Windows-specific tool and its command syntax can vary by operating system version. It is intended for administrative tasks and should be used with care, as misusing it can affect certificate stores and private keys. For scripting or automation, it is common to supplement certutil with other utilities such as certreq, PowerShell PKI modules, or dedicated certificate management tools.
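
The binary-to-text conversion mentioned above, as an added Python example that is not part of the original page and is not certutil's own code: the text form is Base64 between BEGIN/END markers, and since the markers describe the wrapper rather than the payload, the decoded bytes are checked for a DER SEQUENCE structure before being treated as a certificate. The function names, the 64-character CRLF line layout and the sample blob are assumptions constructed for illustration.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def encode_text(der: bytes) -> str:
    """Binary -> text: Base64 in 64-character lines between the markers."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\r\n".join([BEGIN, *lines, END]) + "\r\n"


def decode_text(text: str) -> bytes:
    """Text -> binary: strip the markers if present, then strict Base64."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----",
                  text, re.S)
    body = m.group(2) if m else text
    compact = "".join(body.split())  # drop CR/LF and other whitespace
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from exc


def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) whose declared
    length matches the bytes present. Structural check only, no X.509 parse."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return len(data) == header + length


# Constructed sample: a 300-byte DER-shaped blob (SEQUENCE, length 0x0128).
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x28]) + bytes(296)
```
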