CertMgr

CertMgr (Certmgr.exe) is a command-line CryptoAPI tool that manages certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs).

CertMgr supports a large number of switches, but this section describes only those that are relevant to managing test certificates within a certificate store.

    CertMgr [/add|/del|/put] [Switches] [/s [/r RegistryLocation ] ] SourceName [/s [/r RegistryLocation] ] [DestinationName]

Partial list of operations, switches, and arguments

Operations

add
Configures CertMgr to add certificates, CTLs, or CRLs from the file specified by SourceName to the certificate store specified by DestinationName.

del
Configures CertMgr to delete certificates, CTLs, or CRLs in the certificate store specified by SourceName from the certificate store specified by DestinationName. If DestinationName is not specified, SourceName will also serve as the destination store and will be modified.

put
Configures CertMgr to save certificates, CTLs, or CRLs from the certificate store specified by SourceName to a file specified by DestinationName.

none
If no command is specified, CertMgr displays all the certificates, CTLs, or CRLs in the certificate store or file specified by SourceName.

Switches and Arguments

/c
Configures CertMgr to only process certificates from the file specified by SourceName.

/CTL
Configures CertMgr to only process CTLs from the file specified by SourceName.

/CRL
Configures CertMgr to only process CRLs from the file specified by SourceName.

/s
Configures CertMgr to access the certificate store specified by SourceName or DestinationName as a system store.

/r registryLocation
Specifies the registry location of the system certificate store. The /r switch is only valid when used with the /s switch. The registryLocation argument must be either:

currentUser
Specifies the registry location HKEY_CURRENT_USER.

localMachine
Specifies the registry location HKEY_LOCAL_MACHINE.

If the /r switch is not specified along with the /s switch, currentUser is the default.

For more information about these certificate stores, see Certificate Stores.

/v
Configures CertMgr to display detailed information about certificates, CTLs, and CRLs. If this switch is not specified, CertMgr only displays brief information.

Comments

To use CertMgr, the user must be a member of the Administrators group on the system and run the command from an elevated command prompt.

For a complete list of CertMgr parameters, see the Certificate Manager Tool website.

A 32-bit version of the CertMgr tool is located in the bin\i386 folder of the WDK. A 64-bit version of the tool is located in the bin\amd64 and bin\ia64 folders of the WDK.

Example

The following two CertMgr commands add the certificate in the file OutputFile.cer to the Trusted Root Certification Authorities certificate store and the Trusted Publishers certificate store.

    CertMgr /add OutputFile.cer /s /r localMachine root
    CertMgr /add OutputFile.cer /s /r localMachine trustedpublisher
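
After running the two commands above, it is useful to confirm which stores actually trust the test certificate, and to catch one left behind after testing. The following PowerShell script is an added example, not part of the original page or of CertMgr; it assumes the file name OutputFile.cer from the example and uses PowerShell's built-in Cert: drive, where the root and trustedpublisher stores appear as Root and TrustedPublisher. The function name Get-CertStorePresence is hypothetical.

```powershell
# Added example (not from the original page): report where a certificate file is trusted.
param(
    [string]$CertPath = '.\OutputFile.cer'   # file name used in the page's example
)

function Get-CertStorePresence {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        # Cert: drive names for the "root" and "trustedpublisher" system stores
        [string[]]$StoreNames = @('Root', 'TrustedPublisher'),
        # Both registry locations that the /r switch can select
        [string[]]$Locations  = @('LocalMachine', 'CurrentUser')
    )
    foreach ($location in $Locations) {
        foreach ($store in $StoreNames) {
            $hit = Get-ChildItem -Path "Cert:\$location\$store" -ErrorAction SilentlyContinue |
                Where-Object { $_.Thumbprint -eq $Thumbprint } |
                Select-Object -First 1
            [pscustomobject]@{
                Location = $location
                Store    = $store
                Present  = [bool]$hit
                Subject  = if ($hit) { $hit.Subject } else { $null }
                NotAfter = if ($hit) { $hit.NotAfter } else { $null }
            }
        }
    }
}

# Load the .cer file only to compute its SHA-1 thumbprint; nothing is installed or removed.
$fullPath = (Resolve-Path -LiteralPath $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $fullPath

$report = @(Get-CertStorePresence -Thumbprint $cert.Thumbprint)
$report | Format-Table -AutoSize

# A test certificate left in a Root store stays trusted after testing ends, so flag it.
$report | Where-Object { $_.Present -and $_.Store -eq 'Root' } | ForEach-Object {
    Write-Warning ("{0} is trusted as a root CA in {1}\Root until {2:u}" -f $_.Subject, $_.Location, $_.NotAfter)
}
```

The script checks the currentUser location as well as localMachine because, as noted above, /s without /r defaults to currentUser, so a mistyped command can place the certificate in the wrong store.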