{"id":6446,"date":"2021-12-28T20:44:01","date_gmt":"2021-12-29T02:44:01","guid":{"rendered":"https:\/\/justinparrtech.com\/JustinParr-Tech\/?p=6446"},"modified":"2021-12-29T07:41:45","modified_gmt":"2021-12-29T13:41:45","slug":"windows-certutil-list-certificate-stores","status":"publish","type":"post","link":"https:\/\/justinparrtech.com\/JustinParr-Tech\/windows-certutil-list-certificate-stores\/","title":{"rendered":"Windows CertUtil &#8211; List Certificate Stores"},"content":{"rendered":"<h1>Windows CertUtil &#8211; List Certificate Stores<\/h1>\n<p>I needed a way to list all of the Windows certificate stores&#8230;<\/p>\n<p>Google failed me, so here it is:<\/p>\n<pre>Microsoft Windows [Version 6.1.7601]\r\nCopyright (c) 2009 Microsoft Corporation. All rights reserved.\r\n\r\nC:\\Windows\\system32&gt;<span style=\"color: #00ff00;\">certutil -enumstore<\/span>\r\n\r\n(CurrentUser: -user)\r\nLocalMachine\r\n(CurrentService: -service)\r\n(Services: -service -service)\r\n(Users: -user -user)\r\n(CurrentUserGroupPolicy: -user -grouppolicy)\r\n(LocalMachineGroupPolicy: -grouppolicy)\r\n(LocalMachineEnterprise: -enterprise)\r\n\r\n<strong>My<\/strong>\r\n<strong>Root<\/strong>\r\n<strong>Trust<\/strong>\r\n<strong>CA<\/strong>\r\nTrustedPublisher\r\nDisallowed\r\n<strong>AuthRoot<\/strong>\r\nTrustedPeople\r\nHomegroup Machine Certificates\r\nSmartCardRoot\r\nSPC\r\nTrustedDevices\r\nWindows Live ID Token Issuer\r\nCertUtil: -enumstore command completed successfully.<\/pre>\n<p>If you&#8217;re looking for the store names listed in MMC, they are listed with a completely different name, because&#8230; Microsoft:<\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color: #ccffff;\"><strong>CertUtil Storename<\/strong><\/span><\/td>\n<td><span style=\"color: #ccffff;\"><strong>In &#8220;Certificates&#8221; MMC<\/strong><\/span><\/td>\n<td><span style=\"color: #ccffff;\"><strong>Purpose<\/strong><\/span><\/td>\n<\/tr>\n<tr>\n<td>My<\/td>\n<td>Personal<\/td>\n<td>Certificates assigned to this user or machine<\/td>\n<\/tr>\n<tr>\n<td>Root<\/td>\n<td>Trusted Root Certification Authorities<\/td>\n<td>Root CAs trusted by this machine &#8211; typically this isn&#8217;t used very often<\/td>\n<\/tr>\n<tr>\n<td>Trust<\/td>\n<td>Enterprise Trust<\/td>\n<td>Active Directory and other CAs related to management and authentication<\/td>\n<\/tr>\n<tr>\n<td>CA<\/td>\n<td>Intermediate Certification Authorities<\/td>\n<td>Intermediate CAs trusted by this machine &#8211; typically this is not used.\u00a0 The server should serve out an intermediate that is downloaded on the fly, and must chain to a root CA in &#8220;Third-Party Root Certification Authorities&#8221;<\/td>\n<\/tr>\n<tr>\n<td>AuthRoot<\/td>\n<td>Third-Party Root Certification Authorities<\/td>\n<td>Public trust providers such as DigiCert \/ GeoTrust or Thawte<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>To list all of the certificates within a store:<\/p>\n<pre>C:\\Windows\\system32&gt;<span style=\"color: #00ff00;\">certutil -store<\/span> <span style=\"color: #00ffff;\">authroot<\/span>\r\nauthroot\r\n================ Certificate 0 ================\r\nSerial Number: 7777062726a9b17c\r\nIssuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US\r\nNotBefore: 1\/29\/2010 8:06 AM\r\nNotAfter: 12\/31\/2030 8:06 AM\r\nSubject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US\r\nSignature matches Public Key\r\nRoot Certificate: Subject matches Issuer\r\nTemplate: \r\nCert Hash(sha1): f9 b5 b6 32 45 5f 9c be ec 57 5f 80 dc e9 6e 2c c7 b2 78 b7\r\nNo key provider information\r\nCannot find the certificate and private key for decryption.\r\n\r\n================ Certificate 1 ================\r\nSerial Number: 600197b746a7eab4b49ad64b2ff790fb\r\nIssuer: CN=thawte Primary Root CA - G3, OU=(c) 2008 thawte, Inc. - For authorized use only, OU=Certification Services Division, O=thawte, Inc., C=US\r\nNotBefore: 4\/1\/2008 6:00 PM\r\nNotAfter: 12\/1\/2037 5:59 PM\r\nSubject: CN=thawte Primary Root CA - G3, OU=(c) 2008 thawte, Inc. - For authorized use only, OU=Certification Services Division, O=thawte, Inc., C=US\r\nSignature matches Public Key\r\nRoot Certificate: Subject matches Issuer\r\nTemplate: \r\nCert Hash(sha1): f1 8b 53 8d 1b e9 03 b6 a6 f0 56 43 5b 17 15 89 ca f3 6b f2\r\nNo key provider information\r\nCannot find the certificate and private key for decryption.\r\n.\r\n.\r\n.\r\n.\r\n.\r\n================ Certificate 52 ================\r\nSerial Number: 01\r\nIssuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE\r\nNotBefore: 5\/30\/2000 4:48 AM\r\nNotAfter: 5\/30\/2020 4:48 AM\r\nSubject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE\r\nSignature matches Public Key\r\nRoot Certificate: Subject matches Issuer\r\nTemplate: \r\nCert Hash(sha1): 02 fa f3 e2 91 43 54 68 60 78 57 69 4d f5 e4 5b 68 85 18 68\r\nNo key provider information\r\nCannot find the certificate and private key for decryption.\r\nCertUtil: -store command completed successfully.<\/pre>\n<p>&nbsp;<\/p>\n<p>And there you go, kids&#8230; always remember to use your powers for good and not evil.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Windows CertUtil &#8211; List Certificate Stores I needed a way to list all of the Windows certificate stores&#8230; Google failed me, so here it is: Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:\\Windows\\system32&gt;certutil -enumstore (CurrentUser: -user) LocalMachine (CurrentService: -service) (Services: -service -service) (Users: -user -user) (CurrentUserGroupPolicy: -user -grouppolicy) (LocalMachineGroupPolicy: -grouppolicy) [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"aside","meta":{"footnotes":""},"categories":[2,22],"tags":[],"class_list":["post-6446","post","type-post","status-publish","format-aside","hentry","category-tech-support","category-tech-tip","post_format-post-format-aside"],"_links":{"self":[{"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/posts\/6446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/comments?post=6446"}],"version-history":[{"count":10,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/posts\/6446\/revisions"}],"predecessor-version":[{"id":6468,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/posts\/6446\/revisions\/6468"}],"wp:attachment":[{"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/media?parent=6446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/categories?post=6446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/tags?post=6446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}