Solved

is there a way to run certutil for remote computer? switch -dc doesn't work

Posted on 2015-02-24
Last Modified: 2015-11-25
Hello,
I found this command that exports the certificates from the computer personal store into a text file. It is exactly what I need, except: is there a way to query the remote servers to get the same info from the computer personal store for the cert?

Here is the command line that I need to work with a remote computer:

certutil -store -v my > export.txt

When I run this command specifying the remote server I get this error:
certutil -store -v my -dc servername01 > >\output.txt

CertUtil: -store command FAILED: 0x80090011 (-2146893807)
CertUtil: Object was not found.


To display the certificates in the Local Machine certificate store:
CERTUTIL -store [-f] [-enterprise] [-user] [-gmt] [-seconds] [-silent] [-v] [-dc dc_name] certificate_store_name [certificate_id [output_file]]
Question by:creative555

Expert Comment

by:Dave Howe
no, you can't, however, you *can* take advantage of the fact that
a) keystores are actually only registry keys and
b) you can remotely access the registry
to pull those keys directly :)

take a look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates and the matching subkeys under HKEY_USERS for the actual data.
 

Author Comment

by:creative555
I don't see HKEY_Users. I need certificates in the Personal Computer Store (like the one you access choosing Local computer through certificates MMC)

 

Author Comment

by:creative555
Is this the Path?

HKLM\SOFTWARE\Microsoft\SystemCertificates\My
 

Author Comment

by:creative555
I know I get personal store certificates if I run this command, but same problem here: it doesn't perform remotely. So, if I do it with registry, I don't have to log in to each server :)
certutil -store -v my > >\output.txt
Please help
 

Author Comment

by:creative555
no....I get gibberish when I query registry with this script:

REG QUERY "\\%1\HKLM\SOFTWARE\Microsoft\SystemCertificates\My" /s>>%1getcertificate.log

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\14112D41A9203426085713524253EA7E50D8F4DB
    Blob    REG_BINARY    0F0000000100000014000000EFB235E2DCFC582433E28B90F07EE61CA07CA6051900000001000000100000001AC126B4D3233132F7975A11FEAD02D203000000010000001400000014112D41A9203426085713524253EA7E50D8F4DB0200000001000000A40000001C0000004400000001000000200000000000000000000000010000004C00490056004500570049005200450043004F004E005400410049004E00450052000000000000004D006900630072006F0073006F0066007400200045006E00680061006E006300650064002000430072007900700074006F0067007200610070006800690063002000500072006F00760069006400650072002000760031002E00300000000000140000000100000014000000BC3162CA9B196DD4F45D67F8782169D208BCDBB304000000010000001000000046B003A6BF119874E13F91ED7950D9745C0000000100000004000000000400002000000001000000BD010000308201B930820126A00302010202100D065305586BBBBE4B45DC7146124E31300906052B0E03021D0500301F311D301B060355040313144C69766577697265204365727469666963617465301E170D3133303732353231303732365A170D3233303732353231303732365A301F311D301B060355040313144C6976657769726520436572746966696361746530819F300D06092A864886F70D010101050003818D003081890281810097E545AA4C55371AD90EC37270D3ECDC134FA13BF99EB549AFECC4972F10B6337EF3779121073D3461A1C7843120F0F1AAB492DB6026D26D0A6361B3BF9DC8ED4AF2EA50F7BA3001D24A06536BF3BFF991F5F24C8E6BC188B9DB43BE91B41A31252D7C0CBBBD79EFDF12743905CD488C7F20AA76F6F354C1C6F172BA797B39030203010001300906052B0E03021D0500038181003A9FA0B5E70339D910900647C070F69935E3A158222BBA2331F57116C74C041C000CDD26FD1A4E6E3789877AE31F44A719DC1F9B05DE207F10CEAD076C17B24432EE4910CFEA0B7FD78536F3C9A3DC8A4C60159BB13E94CC510494F07C071C9220D73EB581E067DF15888A5234C9566E71A5D43665D65FEC834F6B9BA422C397

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\1AA85C08A2A1BBFD021776E7059E7AFF191CC49C

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\271BA51FE56B5F9977EA3922E86EC8DFDD779908

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\5D34CDB7FB75BE7AB37EDA34A83217F90733A6AC
 

Expert Comment

by:Dave Howe
The certificates are in binary (blob) form; the key names however are the fingerprints for the certs. So, for instance, the cert "VeriSign Trust Network" (1998-2028) has the fingerprint
85 37 1C A6 E5 50 14 3D CE 28 03 47 1B DE 3A 09 E8 F8 77 0F

and a quick check in the registry finds me:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F

it is possible to convert the binary blob back into a usable DER file, but it's not really required; re-adding the registry key restores the certificate to the keystore, which is all you usually want from a backup :)
 

Author Comment

by:creative555
Hi,
Thank you so much for your answer. The purpose of exporting certificates data is to inventory and determine if the applications are using those certs and not the backup. So, we do need to get the output like the one performed with this command:

certutil -store -v my

I guess I don't have a choice and have to login to each server - over 100 servers??

I tried powershell too and it gave me error unrecognizable output. We are using all 2003 DCs, so the powershell is not going to work for 2003 DC I guess? or I should be able to make powershell script do it with 2003 certificate local store?
 

Accepted Solution

by:Dave Howe
well you could try with psexec - but still not sure what you are trying to achieve here. If you are looking for a specific cert in the local machine MY keystore, then that is going to be a subkey under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates - if you know its SHA1 hash, then you can check if it exists or does not exist. If you need to read it, that's harder, as the file format seems to be some sort of MS proprietary thing, doesn't match any of the standard DER/BER encodings I am used to (you can extract strings from it easily enough though)
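
An added example, not part of the original thread: a Python sketch that turns one `Blob` value from the `REG QUERY` output above into a DER certificate and checks it against the registry key name. It assumes the blob is a run of records, each a 12-byte little-endian header (property id, reserved value, data length) followed by the data, with property 32 holding the DER certificate and property 3 its SHA-1 thumbprint; the function names and the sample blob are constructed for illustration.

```python
import hashlib
import struct

CERT_SHA1_HASH_PROP_ID = 3   # assumed: SHA-1 thumbprint property
CERT_CERT_PROP_ID = 32       # assumed: DER-encoded certificate property


def parse_blob(blob: bytes) -> dict:
    """Split a registry Blob value into {property_id: data}."""
    props, offset = {}, 0
    while offset < len(blob):
        if len(blob) - offset < 12:
            raise ValueError(f"truncated record header at offset {offset}")
        prop_id, _reserved, size = struct.unpack_from("<III", blob, offset)
        offset += 12
        if size > len(blob) - offset:
            raise ValueError(f"property {prop_id} overruns the blob")
        props[prop_id] = blob[offset:offset + size]
        offset += size
    return props


def extract_der(key_name: str, blob_hex: str) -> bytes:
    """Return the DER certificate after checking it against the key name."""
    props = parse_blob(bytes.fromhex(blob_hex))
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        raise ValueError("no certificate property in blob")
    thumbprint = hashlib.sha1(der).hexdigest().upper()
    if thumbprint != key_name.upper():
        raise ValueError(f"thumbprint {thumbprint} does not match key {key_name}")
    return der


def record(prop_id: int, data: bytes) -> bytes:
    """Build one record in the assumed layout (used only for the sample)."""
    return struct.pack("<III", prop_id, 1, len(data)) + data


# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_KEY = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
SAMPLE_BLOB_HEX = (record(CERT_SHA1_HASH_PROP_ID, hashlib.sha1(SAMPLE_DER).digest())
                   + record(CERT_CERT_PROP_ID, SAMPLE_DER)).hex().upper()

if __name__ == "__main__":
    der = extract_der(SAMPLE_KEY, SAMPLE_BLOB_HEX)
    print(f"{SAMPLE_KEY}: {len(der)} bytes of DER")
```

For real data, `key_name` is the last component of the registry path and `blob_hex` is the hex string after `REG_BINARY`; the returned bytes can be written to a `.cer` file and decoded with ordinary certificate tools to read subject, issuer and expiry for the inventory.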
 

Expert Comment

by:Sykehuspartner
# To get certificate information
cls

# Windows 2012 / 2008R2 local
certutil -view -out "RequestID,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" LOG CSV >C:\temp\certutil.txt

# Windows 2008  Local
certutil -view -out "RequestID,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" LOG >C:\temp\certutil.txt

# To get information remote because Windows 2008 does not support [csv]
# Windows 2008 R2 Remote
certutil -dump  # to get -config string

certutil -view -config "host.domain.com\Company Issuing CA 1" -out "RequestID,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" LOG csv >C:\temp\certutil.txt