Certificates (Windows)


Certutil (Windows Server 2012)

certutil -getreg ca\csp\CNGHashAlgorithm
certutil -setreg ca\csp\CNGHashAlgorithm SHA256



CertReq [-Submit] [Options] [RequestFileIn [CertFileOut [CertChainFileOut [FullResponseFileOut]]]]
certreq -submit -attrib "CertificateTemplate:WebServer" certRequest.req certnew.cer certnew.pfx

For pfSense: certnew.cer is the signed certificate returned in answer to the request.



Important caveats

From the Microsoft website:

Be aware that all current user certificate stores except the Current User/Personal store inherit the contents of the local machine certificate stores. For example, if a certificate is added to the local machine Trusted Root Certification Authorities certificate store, all current user Trusted Root Certification Authorities certificate stores (with the above caveat) also contain the certificate.
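
The inheritance described above can be checked directly. The following is an added example, not from the original page or from Microsoft: it lists certificates that appear in a current-user store but not in the matching local machine store, i.e. entries that were not inherited. The function name Get-UserOnlyCertificate and the default store list are assumptions made for this example.

```powershell
# Added example (not from the original page).
# Reports certificates that are visible in a CurrentUser store but absent from
# the LocalMachine store of the same name, so they were not inherited from it.
# The Personal store ("My") is left out of the defaults because, per the caveat
# above, it does not inherit from the local machine.
function Get-UserOnlyCertificate {
    param(
        # Store names are an assumption; pass any names found under Cert:\CurrentUser
        [string[]]$StoreName = @('Root', 'CA', 'TrustedPeople', 'TrustedPublisher')
    )

    foreach ($name in $StoreName) {
        $userPath    = "Cert:\CurrentUser\$name"
        $machinePath = "Cert:\LocalMachine\$name"

        if (-not (Test-Path -Path $userPath)) { continue }

        # Collect the machine-level thumbprints for fast, case-insensitive lookup
        $machineThumbprints = New-Object 'System.Collections.Generic.HashSet[string]' `
            -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
        if (Test-Path -Path $machinePath) {
            foreach ($cert in Get-ChildItem -Path $machinePath) {
                [void]$machineThumbprints.Add($cert.Thumbprint)
            }
        }

        # Anything left over exists only in the current user's view of the store
        Get-ChildItem -Path $userPath |
            Where-Object { -not $machineThumbprints.Contains($_.Thumbprint) } |
            Select-Object @{ Name = 'Store'; Expression = { $name } },
                          Thumbprint, Subject, Issuer, NotAfter
    }
}

Get-UserOnlyCertificate | Format-Table -AutoSize
```

An empty result means every certificate in the checked current-user stores also exists in the local machine store.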

MMC Consoles

certmgr.msc	(current user)
certlm.msc	(local machine)

Current user

Get-ChildItem -Path cert:\CurrentUser\My

Local Machine

Get-ChildItem -Path cert:\LocalMachine\root
Get-ChildItem -Path cert:\LocalMachine\TrustedPeople

Search certificates by thumbprint

This searches every store under the specified location for a certificate with the given thumbprint.

$thumbprint = "E5CC5CA2A198DEAB1ABB5F2B7A0B2EEEFA4C52D4"
$location = "LocalMachine"

Get-ChildItem -Recurse -Path "cert:\$location\*" | Where-Object {$_.Thumbprint -eq $thumbprint}

Remove imported certificates

$username = "myuser"

(Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Subject -match $username}) | Remove-Item
(Get-ChildItem Cert:\LocalMachine\TrustedPeople | Where-Object {$_.Subject -match $username}) | Remove-Item

#Delete by thumbprint
Get-ChildItem Cert:\LocalMachine\My\D20159B7772E33A6A33E436C938C6FE764367396 | Remove-Item

#Delete by subject/serialnumber/issuer/whatever
Get-ChildItem Cert:\LocalMachine\My |
Where-Object { $_.Subject -match 'Frode F' } |
Remove-Item

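Convert a pfx file to pem

The command below extracts only the private key (-nocerts) and writes it unencrypted (-nodes); the empty "pass:" values assume the pfx has no password.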

openssl pkcs12 -in cert.pfx -nocerts -nodes -out cert_key.pem -passin pass: -passout pass: