The Certutil.exe Command Line Tool
Published: October 7, 2009
Updated: May 24, 2010
Applies To: Windows Server 2008 R2
You use the Certutil.exe command line tool to display information about the digital certificates that are installed on a DirectAccess client, DirectAccess server, or intranet resource.
================ Certificate 0 ================ Serial Number: 61b96b4300000000000b Issuer: CN=corp-DC1-CA, DC=corp, DC=contoso, DC=com NotBefore: 8/28/2009 11:57 AM NotAfter: 8/28/2010 11:57 AM Subject: CN=CLIENT2.corp.contoso.com Certificate Template Name (Certificate Type): Machine Non-root Certificate Template: Machine, Computer Cert Hash(sha1): d2 48 b0 ac d0 75 d2 17 d3 a2 52 73 03 fb 6d 93 05 d6 c5 9c Key Container = 7658bfbea27b8a8b1a912b2792198aa7_81cb8b83-9acb-41a0-a19f-615d9 d8a0337 Simple container name: le-Machine-e4918f29-7e62-48c3-a958-445f367d773d Provider = Microsoft RSA SChannel Cryptographic Provider Private key is NOT exportable Encryption test passed CertUtil: -store command completed successfully.
To determine the subject, enhanced key usage (EKU), and certificate revocation list (CRL) distribution points fields of installed certificates for DirectAccess troubelshooting, use the certutil -v –store my > cert.txt command and then view the contents of the Cert.txt file.