CertMgr can be used to view certificates, certificate revocation lists (CRLs), and certificate trust lists (CTLs) from a file or a certificate store, to copy certificates into a certificate store, to delete certificates from a certificate store, and to save certificates to files.
When CertMgr is used without options, a CertMgr wizard appears to guide the user through the operation.
The file must be one of the following types:
- An encoded CTL, CRL, or certificate file (could be base-64 encoded)
- A PKCS #7 file
- An SPC file
- A signed document
- A serialized storeFile
The following examples use CertMgr commands to perform common certificate tasks.
- View the certificates, CRLs, and CTLs from MyFile.ext.
- View the certificates, CRLs, and CTLs from the MY system store.
certmgr -s my
- Copy all the certificates, CRLs, and CTLs in a file named MyFile.ext to a new file, called NewFile.ext.
certmgr -add -all -c MyFile.ext NewFile.ext
- Copy all the certificates, CRLs, and CTLs from the MY system store to a file called NewMyFile.ext.
certmgr -add -all -c -s my NewMyFile.ext
- Copy a certificate with the common name MyCert in the MY system store to a file called NewCert.cer.
certmgr -add -c -n MyCert -s my NewCert.cer
- Delete all the certificates from the MY system store.
certmgr -del -all -c -s my
- Delete all the CTLs from the MY system store and save the resulting store to a file called NewStore.str.
certmgr -del -all -ctl -s my NewStore.str
- Save, to a file called NewCert.cer, a certificate that is an X.509 encoded certificate, that has the common name MyCert, and that is located in the Root certificate store.
certmgr -put -c -n MyCert -s root NewCert.cer