[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3435
  • Last Modified:

is there a way to run certutil for remote computer? switch -dc doesn't work

Hello,
I found this command that exports the certificates from computer personal store into text file. It is exactly what I need except is there is a way to query the remote servers to get the same info from computer personal store for the cert?

HEre is the command line that I need to work with remote computer:

certutil -store -v my > export.txt

WHen I run this command specifying the remote server I get this error:
certutil –store –v my –dc servername01 > >\output.txt

CertUtil: -store command FAILED: 0x80090011 (-2146893807)
CertUtil: Object was not found.


To display the certificates in the Local Machine certificate store:
CERTUTIL -store [-f] [-enterprise] [-user] [-gmt] [-seconds] [-silent] [-v] [-dc dc_name] certificate_store_name [certificate_id [output_file]]
0
creative555
Asked:
creative555
  • 5
  • 3
1 Solution
 
Dave HoweCommented:
no, you can't, however, you *can* take advantage of the fact that
a) keystores are actually only registry keys and
b) you can remotely access the registry
to pull those keys directly :)

take a look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates and the matching subkeys under HKEY_USERS for the actual data.
0
 
creative555Author Commented:
I dont see HKEY_Users. I need certificates in the Personal Computer Store (like the one you access choosing Local computer through certificates MMC)

certsregistry.jpg
0
 
creative555Author Commented:
Is this the Path?

HKLM\SOFTWARE\Microsoft\SystemCertificates\My
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
creative555Author Commented:
I know i get personall store certificates if I run this command. but same problem here, it doesn't perform remotely. SO, if I do it with registry, I dont have to login to each server :)
certutil –store –v my > >\output.txt
Please help
0
 
creative555Author Commented:
no....I get gibberish when I query registry with this script:

REG QUERY "\\%1\HKLM\SOFTWARE\Microsoft\SystemCertificates\My" /s>>%1getcertificate.log

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\14112D41A9203426085713524253EA7E50D8F4DB
    Blob    REG_BINARY    0F0000000100000014000000EFB235E2DCFC582433E28B90F07EE61CA07CA6051900000001000000100000001AC126B4D3233132F7975A11FEAD02D203000000010000001400000014112D41A9203426085713524253EA7E50D8F4DB0200000001000000A40000001C0000004400000001000000200000000000000000000000010000004C00490056004500570049005200450043004F004E005400410049004E00450052000000000000004D006900630072006F0073006F0066007400200045006E00680061006E006300650064002000430072007900700074006F0067007200610070006800690063002000500072006F00760069006400650072002000760031002E00300000000000140000000100000014000000BC3162CA9B196DD4F45D67F8782169D208BCDBB304000000010000001000000046B003A6BF119874E13F91ED7950D9745C0000000100000004000000000400002000000001000000BD010000308201B930820126A00302010202100D065305586BBBBE4B45DC7146124E31300906052B0E03021D0500301F311D301B060355040313144C69766577697265204365727469666963617465301E170D3133303732353231303732365A170D3233303732353231303732365A301F311D301B060355040313144C6976657769726520436572746966696361746530819F300D06092A864886F70D010101050003818D003081890281810097E545AA4C55371AD90EC37270D3ECDC134FA13BF99EB549AFECC4972F10B6337EF3779121073D3461A1C7843120F0F1AAB492DB6026D26D0A6361B3BF9DC8ED4AF2EA50F7BA3001D24A06536BF3BFF991F5F24C8E6BC188B9DB43BE91B41A31252D7C0CBBBD79EFDF12743905CD488C7F20AA76F6F354C1C6F172BA797B39030203010001300906052B0E03021D0500038181003A9FA0B5E70339D910900647C070F69935E3A158222BBA2331F57116C74C041C000CDD26FD1A4E6E3789877AE31F44A719DC1F9B05DE207F10CEAD076C17B24432EE4910CFEA0B7FD78536F3C9A3DC8A4C60159BB13E94CC510494F07C071C9220D73EB581E067DF15888A5234C9566E71A5D43665D65FEC834F6B9BA422C397

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\1AA85C08A2A1BBFD021776E7059E7AFF191CC49C
    Blob    REG_BINARY    5C0000000100000004000000000400001900000001000000100000000B5D4AD1F311A3CF9641ED7EC6737C01140000000100000014000000A44FEF08569EA3313B4930AD7228DB72FA53B4A00B000000010000006000000053004D00530020005300690067006E0069006E006700200043006500720074006900660069006300610074006500000053004D005300200045006E006300720079007000740069006F006E00200043006500720074006900660069006300610002000000010000007C0000001C00000024000000010000006100000000000000000000000200000053004D00530000004D006900630072006F0073006F0066007400200042006100730065002000430072007900700074006F0067007200610070006800690063002000500072006F00760069006400650072002000760031002E003000000000000300000001000000140000001AA85C08A2A1BBFD021776E7059E7AFF191CC49C040000000100000010000000758650FDAB29DD65584D4D49D9D0E82B0F0000000100000014000000B9EA97D8EED7CBA8F5FE8900A5EEA8FAFB04DF9C2000000001000000DE010000308201DA30820147A00302010202108CAC8D1BC29F35884288E3D01C030B31300906052B0E03021D0500302231123010060355040313094E415044434D303146310C300A06035504031303534D533020170D3035313130333031333432355A180F32313035313031303031333432355A302231123010060355040313094E415044434D303146310C300A06035504031303534D5330819F300D06092A864886F70D010101050003818D0030818902818100A53DE5A6777A9FE599F669F1A2D33BFBE8CDC80E45E8464918BF90B61355194B352481B9C0449F97B28F5E39C2D4531665CCE40F99332EF2A5809DA926842E5BB47114E9DEAE85DCA1CA24D75836F46FB8A12FA282CD80C0A98904289366EC9E4E6C796440E58B3AC28C7878955854B02A1E7796AF8D925AD6AF546FB6043A5F0203010001A317301530130603551D25040C300A06082B06010401823765300906052B0E03021D05000381810044B35460238DF1955A2E2BDA95EB0B7016715DF52F2FFA1955C8229808AC28400688A8CED645EC2B109F4B6E8CB1C3C86E3736CB2EA7895C51A31B62C1047F3DCB1E55581C6CDC8E4B03A23FF1D686F6AC706FED57089509EF6CF532542212861E5B3C6BDC946D64DD2E0C735614DD0966E65C9C4E6C6FB497A574E3A14424FE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\271BA51FE56B5F9977EA3922E86EC8DFDD779908
    Blob    REG_BINARY    5C000000010000000400000000080000180000000100000010000000480B86E94FE3E1A15D18F3EEF8DEB4CA040000000100000010000000BC1D51B54698EDA46ED04DDF79A5E8B9140000000100000014000000D1656DC09E68E4C3D29B013E76953FE1F0B6061502000000010000000C0100001C000000AC0000000C00000020000000000000000000000001000000620030006100340031003300360061003300350032003200620063003800640032003600650061003200360034006600660030003400340066003600390031005F00610031003300640037006300320033002D0034003600360065002D0034003700390065002D0039003600390034002D006500310032006100660039003700330062006400660031000000000000004D006900630072006F0073006F00660074002000520053004100200053004300680061006E006E0065006C002000430072007900700074006F0067007200610070006800690063002000500072006F0076006900640065007200000000000000030000000100000014000000271BA51FE56B5F9977EA3922E86EC8DFDD77990819000000010000001000000069633D93B2A9A62669F834A98E852E9C0F0000000100000014000000AF99AFCA5929D92DBE4D2658119F0E6E7873C905200000000100000067060000308206633082054BA003020102021036FEDAC83E7164E0AA4886AE2298B390300D06092A864886F70D01010505003081BE310B300906035504061302555331173015060355040A130E566572695369676E2C20496E632E311F301D060355040B1316566572695369676E205472757374204E6574776F726B313B3039060355040B13325465726D73206F66207573652061742068747470733A2F2F7777772E766572697369676E2E636F6D2F727061202863293036313830360603550403132F566572695369676E20436C617373203320457874656E6465642056616C69646174696F6E2053534C20534743204341301E170D3130313131303030303030305A170D3131313131303233353935395A3082011631133011060B2B0601040182373C0201031302555331193017060B2B0601040182373C020102130844656C6177617265311D301B060355040F131450726976617465204F7267616E697A6174696F6E3110300E0603550405130730363733383039310B3009060355040613025553310E300C060355041114053930323435311330110603550408130A43616C69666F726E6961311330110603550407140A456C20536567756E646F311E301C0603550409141533333320436F6E74696E656E74616C20426C76642E31143012060355040A140B4D617474656C20496E632E31123010060355040B1409474C4F42414C20495431223020060355040314194E415044434D3031462E434F52502E4D415454454C2E434F4D30820122300D06092A864886F70D01010105000382010F003082010A0282010100C8E94DC9E4B0EADFEA56111C19739480F6F431CD0905D80058DB4882667C9CBBDA849CBE3C0E30C55444FC97F42AFAA23E72BCF4C1DD42C8DEA459E2B9374FA536831BF4662BEBC0FD93243ED80AE6565CE38A453C8BA838161B78F7ED01E1EB619F3EBB3C1B1AEF0803811584A3AA9B5BAF99BC635891C74B8B8A5E30EC789123DACD0F0EE0173842BA66D42EBBA4576F96D3AB376CFA8B30437979ADD709F6216D4DA94FFDE15D5C0DB7768E4A750C911B969544E9AE678002C7EFD4FB440BB756C562A53FB4886B36AEFD7E4380F2147A196F4483DB8DD609767059B11061E17EA901E1A69970F6DD3B45EC396F900EE485D2C0CBC7D5C01768E470B473610203010001A3820200308201FC30090603551D1304023000301D0603551D0E04160414D1656DC09E68E4C3D29B013E76953FE1F0B60615300B0603551D0F0404030205A030440603551D20043D303B3039060B6086480186F84501071706302A302806082B06010505070201161C68747470733A2F2F7777772E766572697369676E2E636F6D2F727061303E0603551D1F043730353033A031A02F862D687474703A2F2F4556496E746C2D63726C2E766572697369676E2E636F6D2F4556496E746C323030362E63726C30340603551D25042D302B06082B0601050507030106082B0601050507030206096086480186F8420401060A2B0601040182370A0303301F0603551D230418301680144E43C81D76EF37537A4FF2586F94F338E2D5BDDF307606082B06010505070101046A3068302B06082B06010505073001861F687474703A2F2F4556496E746C2D6F6373702E766572697369676E2E636F6D303906082B06010505073002862D687474703A2F2F4556496E746C2D6169612E766572697369676E2E636F6D2F4556496E746C323030362E636572306E06082B0601050507010C04623060A15EA05C305A305830561609696D6167652F6769663021301F300706052B0E03021A04144B6BB92896060CBBD052389B29AC4B078B21051830261624687474703A2F2F6C6F676F2E766572697369676E2E636F6D2F76736C6F676F312E676966300D06092A864886F70D0101050500038201010040601100E0FE65CF6715B738EDCCBF6D00FCB1EB10458DDD37F64A34B39059B09731C74238C8C3DEC83DFF0F820B377BFACB7D4EF401D6EED86AB8DFAF78237209DECE7820321B5E036CE8C41092B90F054F148CB8B21EDDB0554A38FBC60ACC722CFA33B5D8F20F2A4D942534A188C1E2F18C9DF47EE8B13A93A84CA4E7BA1F44B9ECD40EF07A55FD96480D17B4CC157DCB2F6480A286AD8FA4D11FEE75DC81C46A32BC08FEF8941D02F03BF5D9730D985B2880043B8A7EA2828B1B2D9BEDCAB07416F530F3B8DAB7042A94C000F75DD53FCCEE2624D4863F956A41EA65EC5EB4B71469739AF6F4F89B5760AA1AF22CA8D8ED9DCAC1BA1DA6F80C5F3230FB7E

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\5D34CDB7FB75BE7AB37EDA34A83217F90733A6AC
    Blob    REG_BINARY    5C0000000100000004000000000400001900000001000000100000006C35CEC48176108916DA47DBA5861E6A14000000010000001400000069621C338E05AB7C784B0D2AF16914E3D25620610B000000010000006C00000053004D005300200045006E006300720079007000740069006F006E0020004300650072007400690066006900630061007400650000000000745F1518000000002E3F415648726573756C74457863657074696F6E404572726F724043434D404000000000BF44FFFFF21C00000200000001000000740000001C00000024000000010000006100000000000000000000000100000053004D00530000004D006900630072006F0073006F006600740020005300740072006F006E0067002000430072007900700074006F0067007200610070006800690063002000500072006F007600690064006500720000000300000001000000140000005D34CDB7FB75BE7AB37EDA34A83217F90733A6AC040000000100000010000000BB934790778EADCD6B1E7256C1D6A6E80F000000010000001400000064C25B8C3A9DAA7CF56D7D21524E5F30B574AA0C2000000001000000DF010000308201DB30820148A0030201020210F4E91089BA8C9E9E4171F8CCB0A1A96E300906052B0E03021D0500302231123010060355040313094E415044434D303146310C300A06035504031303534D533020170D3035313130333031333432365A180F32313035313031303031333432365A302231123010060355040313094E415044434D303146310C300A06035504031303534D5330819F300D06092A864886F70D010101050003818D0030818902818100C0EAEB5BF84B80C39C10C2AA3724AE2C7CC405B6BF977E55C8003931F2E99AD93D41948F4F96AB3FE90DDC11AC8D105BD6A3F86746BD6CE8C1F068D5B550A1DD335527FB8A59986C14891AE49555846F09285B047BB203FEA1A19F03D0DCB67FAB363482AA78E0466244BC4407903828EBDEC4273C7373BAA5510FA2AD3A23DB0203010001A318301630140603551D25040D300B06092B0601040182376502300906052B0E03021D0500038181005E95DDEEAFADE08B472AB3D43C45AC098E7848E1F1572574D0E4D6A75681D3B902048C2F86661B8D6D6B64781D1FE0BB935E6DAEA2645F9B8E393F97DB36D57F422C8A8A4537D55C28A203868F8A8A462A7C33D6859DDA3DEF7BC15D4FC56CDB70CA0BC62AA202D1C663AD2D1E045320136328C45DEF1DE56A52A04E1586CDD4
0
 
Dave HoweCommented:
The certificates are in binary (blob) form; the key names however are the fingerprints for the certs. So, for instance, the cert "VeriSign Trust Network" (1998-2028) has the fingerprint
85 37 1C A6 E5 50 14 3D CE 28 03 47 1B DE 3A 09 E8 F8 77 0F

and a quick check in the registry finds me:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F

it is possible to convert the binary blob back into a usable DER file, but its not really required; re-adding the registry key restores the certificate to the keystore, which is all you usually want from a backup :)
0
 
creative555Author Commented:
hi,
THank you so much for your answer. The purpose of exporting certificates data is to inventory and determine if the applications are using those certs and not the backup. So, we do need to get the output like the one performed with this command:

certutil -store -v my

I guess I don't have a choice and have to login to each server - over 100 servers??

I tried powershell too and it gave me error unrecognizable output. We are using all 2003 DCs, so the powershell is not going to work for 2003 DC I guess? or I should be able to make powershell script do it with 2003 certificate local store?
0
 
Dave HoweCommented:
well you could try with psexec - - But still not sure what you are trying to achieve here. If you are looking for a specific cert in the local machine MY keystore, then that is going to be a subkey under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates - if you know it's SHA1 hash, then you can check if it exists or does not exist.  If you need to read it, that's harder, as the file format seems to be some sort of MS propitiatory thing, doesn't match any of the standard DER/BER encodings I am used to (you can extract strings from it easily enough though)
0
 
SykehuspartnerCommented:
# To get certificate information
cls

# Windows 2012 / 2008R2 local
certutil -view -out "RequestID,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" LOG CSV >C:\temp\certutil.txt

# Windows 2008  Local
certutil -view -out "RequestID,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" LOG >C:\temp\certutil.txt

# To get information remote because  Windows 2008 does not support[ csv]
# Windows 2008 R2 Remote
certutil -dump  # to get –config string

certutil -view -config "host.domain.com\Company Issuing CA 1" -out "RequestID,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" LOG csv >C:\temp\certutil.txt
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now