Certmgr.exe (Certificate Manager Tool)

The Certificate Manager tool (Certmgr.exe) manages certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs).

The Certificate Manager is automatically installed with Visual Studio. To start the tool, use the Command Prompts.

Note

The Certificate Manager tool (Certmgr.exe) is a command-line utility, whereas Certificates (Certmgr.msc) is a Microsoft Management Console (MMC) snap-in. Because Certmgr.msc is usually found in the Windows System directory, entering certmgr at the command line may load the Certificates MMC snap-in even if you have opened the Developer Command Prompt for Visual Studio. This occurs because the path to the snap-in precedes the path to the Certificate Manager tool in the PATH environment variable. If you encounter this problem, you can execute Certmgr.exe commands by specifying the path to the executable.
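To check which file the bare name certmgr resolves to on a given machine, the following PowerShell script (an added example, not part of the original documentation) walks PATH and PATHEXT in order and then runs the page's certmgr /v /s my command through the full path of Certmgr.exe. The helper name Resolve-CommandCandidate is hypothetical, and the script assumes the directory that holds Certmgr.exe is somewhere on PATH, as it is in the Developer Command Prompt.

```powershell
# Added example: list every file the bare name "certmgr" can resolve to, in PATH order.
# Resolve-CommandCandidate is a hypothetical helper name, not part of any Microsoft tool.
# cmd.exe also checks the current directory before PATH; that step is not modelled here.
function Resolve-CommandCandidate {
    param([Parameter(Mandatory)][string]$Name)

    # Extensions are tried in PATHEXT order inside each PATH directory.
    $extensions = $env:PATHEXT -split ';' | Where-Object { $_ }
    $order = 0
    foreach ($dir in ($env:PATH -split ';')) {
        $dir = $dir.Trim().Trim('"')
        if (-not $dir) { continue }
        foreach ($ext in $extensions) {
            $candidate = $dir.TrimEnd('\') + '\' + $Name + $ext
            if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) {
                $order++
                [pscustomobject]@{
                    Order     = $order
                    Extension = $ext.ToUpperInvariant()
                    Path      = $candidate
                }
            }
        }
    }
}

$found = @(Resolve-CommandCandidate -Name 'certmgr')
$found | Format-Table -AutoSize | Out-String | Write-Host

if ($found.Count -eq 0) {
    Write-Warning 'certmgr was not found in any PATH directory.'
} elseif ($found[0].Extension -ne '.EXE') {
    Write-Warning "The bare name 'certmgr' resolves to $($found[0].Path), not to Certmgr.exe."
}

# Invoke the command-line tool by its full path so the snap-in cannot shadow it.
$tool = $found | Where-Object { $_.Extension -eq '.EXE' } | Select-Object -First 1
if ($tool) {
    & $tool.Path /v /s my
}
```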

This tool is automatically installed with Visual Studio. To run the tool, use the Developer Command Prompt for Visual Studio (or the Visual Studio Command Prompt in Windows 7). For more information, see Command Prompts.

For an overview of X.509 certificates, see Working with Certificates.

At the command prompt, type the following:

Syntax

certmgr [/add | /del | /put] [options]
[/s[/r registryLocation]] [sourceStorename]
[/s[/r registryLocation]] [destinationStorename]

Parameters

Argument  Description
sourceStorename  The certificate store that contains the existing certificates, CTLs, or CRLs to add, delete, save, or display. This can be a store file or a systems store.
destinationStorename  The output certificate store or file.

Option  Description
/add  Adds certificates, CTLs, and CRLs to a certificate store.
/all  Adds all entries when used with /add. Deletes all entries when used with /del. Displays all entries when used without the /add or /del options. The /all option cannot be used with /put.
/c  Adds certificates when used with /add. Deletes certificates when used with /del. Saves certificates when used with /put. Displays certificates when used without the /add, /del, or /put option.
/CRL  Adds CRLs when used with /add. Deletes CRLs when used with /del. Saves CRLs when used with /put. Displays CRLs when used without the /add, /del, or /put option.
/CTL  Adds CTLs when used with /add. Deletes CTLs when used with /del. Saves CTLs when used with /put. Displays CTLs when used without the /add, /del, or /put option.
/del  Deletes certificates, CTLs, and CRLs from a certificate store.
/e encodingType  Specifies the certificate encoding type. The default is X509_ASN_ENCODING.
/f dwFlags  Specifies the store open flag. This is the dwFlags parameter passed to CertOpenStore. The default value is CERT_SYSTEM_STORE_CURRENT_USER. This option is considered only if the /y option is used.
/h[elp]  Displays command syntax and options for the tool.
/n nam  Specifies the common name of the certificate to add, delete, or save. This option can only be used with certificates; it cannot be used with CTLs or CRLs.
/put  Saves an X.509 certificate, CTL, or CRL from a certificate store to a file. The file is saved in X.509 format. You can use the /7 option with the /put option to save the file in PKCS #7 format. The /put option must be followed by either /c, /CTL, or /CRL. The /all option cannot be used with /put.
/r location  Identifies the registry location of the system store. This option is considered only if you specify the /s option. location must be one of the following:
- currentUser indicates that the certificate store is under the HKEY_CURRENT_USER key. This is the default.
- localMachine indicates that the certificate store is under the HKEY_LOCAL_MACHINE key.
/s  Indicates that the certificate store is a system store. If you do not specify this option, the store is considered to be a StoreFile.
/sha1 sha1Hash  Specifies the SHA1 hash of the certificate, CTL, or CRL to add, delete, or save.
/v  Specifies verbose mode; displays detailed information about certificates, CTLs, and CRLs. This option cannot be used with the /add, /del, or /put options.
/y provider  Specifies the store provider name.
/7  Saves the destination store as a PKCS #7 object.
/?  Displays command syntax and options for the tool.

Remarks

Certmgr.exe performs the following basic functions:

  • Displays certificates, CTLs, and CRLs to the console.

  • Adds certificates, CTLs, and CRLs to a certificate store.

  • Deletes certificates, CTLs, and CRLs from a certificate store.

  • Saves an X.509 certificate, CTL, or CRL from a certificate store to a file.

Certmgr.exe works with two types of certificate stores: StoreFile and system store. It is not necessary to specify the type of certificate store; Certmgr.exe can identify the store type and perform the appropriate operations.

Running Certmgr.exe without specifying any options launches the certmgr.msc snap-in, which has a GUI that helps with the certificate management tasks that are also available from the command line. The GUI provides an import wizard, which copies certificates, CTLs, and CRLs from your disk to a certificate store.

You can find the names of X509Certificate stores for the sourceStorename and destinationStorename parameters by compiling and running the following code.

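// C# version
using System;
using System.Security.Cryptography.X509Certificates;

public class Example
{
   public static void Main()
   {
      // Enumerate every predefined StoreName value and print the store's name.
      foreach (var storeValue in Enum.GetValues(typeof(StoreName))) {
         // With no StoreLocation argument, the current user's store is opened.
         X509Store store = new X509Store((StoreName) storeValue);
         store.Open(OpenFlags.ReadOnly);
         Console.WriteLine(store.Name);
         store.Close();
      }
   }
}

' Visual Basic version of the same program
Imports System
Imports System.Security.Cryptography.X509Certificates

Module Example
   Public Sub Main()
      ' Enumerate every predefined StoreName value and print the store's name.
      For Each storeValue In [Enum].GetValues(GetType(StoreName))
        ' With no StoreLocation argument, the current user's store is opened.
        Dim store As New X509Store(CType(storeValue, StoreName))
        store.Open(OpenFlags.ReadOnly)
        Console.WriteLine(store.Name)
        store.Close()
      Next
   End Sub
End Module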

For more information about certificates, see Working with Certificates.

Examples

The following command displays a default system store called my with verbose output.

certmgr /v /s my  

The following command adds all the certificates in a file called myFile.ext to a new file called newFile.ext.

certmgr /add /all /c myFile.ext newFile.ext  

The following command adds the certificate in a file named testcert.cer to the my system store.

certmgr /add /c testcert.cer /s my  

The following command adds the certificate in a file named TrustedCert.cer to the root certificate store.

certmgr /c /add TrustedCert.cer /s root  
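Because a certificate in the root store becomes a trust anchor, it is worth checking the file before running the command above and confirming afterwards that the store changed only as intended. The following PowerShell script is an added example, not part of the original documentation; $CertmgrPath and $ExpectedSha1 are placeholders the caller supplies, and it reads Cert:\CurrentUser\Root because /s without /r defaults to currentUser.

```powershell
# Added example. $CertmgrPath and $ExpectedSha1 are placeholders supplied by the caller;
# TrustedCert.cer and the root store come from the page's own example command.
param(
    [Parameter(Mandatory)][string]$CertmgrPath,   # full path to Certmgr.exe
    [Parameter(Mandatory)][string]$ExpectedSha1,  # thumbprint obtained out of band
    [string]$CertFile = '.\TrustedCert.cer'
)

$file = (Resolve-Path -LiteralPath $CertFile).ProviderPath
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

# Show what is about to become a trust anchor.
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

# Normalise the expected thumbprint (hex digits only, upper case) before comparing.
$expected = ($ExpectedSha1 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint.ToUpperInvariant() -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected. Not adding."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter). Not adding."
}

# Snapshot the current-user root store, run the page's command, then compare.
$before = @(Get-ChildItem -Path Cert:\CurrentUser\Root | Select-Object -ExpandProperty Thumbprint)
& $CertmgrPath /c /add $file /s root
$after = @(Get-ChildItem -Path Cert:\CurrentUser\Root | Select-Object -ExpandProperty Thumbprint)

$added = @($after | Where-Object { $before -notcontains $_ })
if ($added.Count -eq 1 -and $added[0] -eq $cert.Thumbprint) {
    Write-Host "Root store gained exactly one certificate: $($cert.Thumbprint)"
} elseif ($added.Count -eq 0 -and $before -contains $cert.Thumbprint) {
    Write-Host "Certificate $($cert.Thumbprint) was already in the root store."
} else {
    Write-Warning "Root store change does not match the expected certificate. New thumbprints: $($added -join ', ')"
}
```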

The following command saves a certificate with the common name myCert in the my system store to a file called newCert.cer.

certmgr /add /c /n myCert /s my newCert.cer  

The following command deletes all CTLs in the my system store and saves the resulting store to a file called newStore.str.

certmgr /del /all /ctl /s my newStore.str  

The following command saves a certificate in the my system store in the file newFile. You will be prompted to enter the certificate number from my to put in newFile.

certmgr /put /c /s my newFile  

See also