NGWS SDK Documentation  

This is preliminary documentation and subject to change.

Certificate Manager Utility (certmgr.exe)

Certmgr (the Certificate Manager utility) manages certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs). It performs the following basic functions:

Certmgr works with two kinds of certificate stores: StoreFile and system store. It is not necessary to specify the type of store file; certmgr can identify the StoreFile type and perform the appropriate operations. Running this utility without any options launches a wizard that helps with certificate management.

Syntax

certmgr [/add | /del | /put] [arguments] [/s[/r RegistryLocation]] Storename

Arguments

Argument Description
/add Adds certificates from one certificate store to another.
/del Deletes certificates.
/put Saves an X.509-encoded certificate, CTL, or CRL to a file.
/c Adds certificates when used with /add; deletes certificates when used with /del. Displays certificates when used without the /add or the /del option.
/all Adds all the entries if used with /add; deletes all the entries if used with /del.
/7 Saves the destination store as a PKCS#7 object.
/n commonName String Specifies the common name of the certificate to add or delete. This option can only be used with certificates; it cannot be used with CTLs or CRLs.
/sha1 sha1Hash The SHA1 hash of the certificate, CTL, or CRL to add or delete.
/CTL Adds or deletes certificate trust lists (CTLs). Displays certificate trust lists when used without the /add or the /del option.
/CRL Adds or deletes certificate revocation lists (CRLs). Displays certificate revocation lists when used without the /add or the /del option.
/s Indicates the store is a system store. If this option is not specified, the store is a StoreFile.
/r RegistryLocation Identifies the registry location of the system certificate store. This option is considered only if the /s option is specified. Registry location must be either currentUser (indicating that the certificate store is under the HKEY_CURRENT_USER key [the default]) or localMachine (indicating that the store is under HKEY_LOCAL_MACHINE).
/? Displays Help for the utility.
/v Verbose mode. Displays detailed information about certificates (CTLs and CRLs). This option cannot be used with the /add or the /del options.
/y storeProviderType Specifies the store provider type.
/f dwFlags Specifies the store open flag. This is the dwFlags parameter passed to CertOpenStore. The default value is CERT_SYSTEM_STORE_CURRENT_USER. This option is considered only if the /y option is used.
/e encodingType Specifies the certificate encoding type.

Examples

The following examples show some of the certmgr utility's functions. Each sample command line is followed by a description.

Use the following example to view a system store called my.

certmgr /s my

Use the following example to add all the certificates in a file called myFile.ext to a new file called newFile.ext.

certmgr /add /all /c myFile.ext newFile.ext

Use the following example to add a certificate with the common name myCert from the my system store to a file called newCert.cer.

certmgr /add /c /n myCert /s my newCert.cer

Use the following example to delete all the CTLs in the my system store and save the resulting store to a file called newStore.str.

certmgr /del /all /ctl /s my newStore.str
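
The following is an added example, not part of the SDK documentation: a small Python parser that reads certmgr command lines (for instance from process-creation logs) using the syntax and argument table above, and reports which ones add to or delete from a localMachine system store. It assumes that /s [/r RegistryLocation] qualifies the store name that follows it and that the last store named is the one written; the names parse_certmgr, writes_machine_store, root and vendor.cer are illustrative.

```python
import shlex

ACTIONS = {"/add": "add", "/del": "del", "/put": "put"}   # from the syntax line
TAKES_VALUE = {"/n", "/sha1", "/y", "/f", "/e"}            # options followed by a value

def parse_certmgr(cmdline):
    """Return (action, stores); stores are dicts in command-line order."""
    tokens = iter(shlex.split(cmdline, posix=False)[1:])    # drop the program name
    action, stores = "view", []
    system, location = False, "currentUser"                 # documented /r default
    for tok in tokens:
        low = tok.lower()
        if low in ACTIONS:
            action = ACTIONS[low]
        elif low == "/s":
            system = True
        elif low == "/r":
            location = next(tokens, location)
        elif low in TAKES_VALUE:
            next(tokens, None)                              # skip the option's value
        elif not low.startswith("/"):
            # Assumption: /s [/r loc] qualifies the store name that follows it.
            stores.append({"name": tok, "system": system,
                           "location": location if system else None})
            system, location = False, "currentUser"
    return action, stores

def writes_machine_store(cmdline):
    """True if the command adds to or deletes from a localMachine system store."""
    action, stores = parse_certmgr(cmdline)
    if action not in ("add", "del") or not stores:
        return False
    target = stores[-1]        # assumption: the last store named is the one written
    return target["system"] and target["location"].lower() == "localmachine"

# Constructed command lines: the first three are the page's examples, the rest
# are made up for illustration ("root" and vendor.cer are assumed names).
SAMPLES = [
    "certmgr /s my",
    "certmgr /add /c /n myCert /s my newCert.cer",
    "certmgr /del /all /ctl /s my newStore.str",
    "certmgr /v /s /r localMachine root",
    "certmgr /add /c vendor.cer /s /r localMachine root",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("ALERT" if writes_machine_store(line) else "ok   ", line)
```

Only the last sample is flagged: it is the one command whose destination is a system store under HKEY_LOCAL_MACHINE.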