List installed personal certificates in batch












6















I use a few secure websites that require me to install a PFX certificate to access them. I have multiple computers I do this from, and I need a quick way of determining which ones in which I still need to install the certificate.



Is there a way I can list all the certificates in the Personal store using batch commands? I can run the command remotely, but I'm not aware of any method to list them.



"How can I get a list of installed certificates on Windows?" is a similar question but I'm looking for a solution specific to command line. The answers there all involve using the GUI or Powershell.



enter image description here










share|improve this question

























  • What OS are you using?

    – EBGreen
    Dec 19 '13 at 18:43











  • I'm using Windows 7

    – Moses
    Dec 19 '13 at 18:57






  • 3





    @Moses What's your particular aversion to PowerShell? It's not like you're looking to do this on XP or Server 2003, where PowerShell isn't built-in on a standard install. Also, PowerShell allows you to run some commands remotely (if the systems are properly configured for it) which would allow you to easily gather all data on all your systems from across the network in one script.

    – Iszi
    Dec 19 '13 at 20:40








  • 1





    @Iszi In fact, for a large number of systems, using PowerShell to do the entire task (determine whether the cert needs to be installed, and then install it if not) is entirely plausible -- assuming they're all on the same LAN, you could sit at your own workstation and do this for ALL the PCs under your purview using the remote feature of PS. I would rather think he'd be trying to implement his solution in PS, rather than avoiding it!

    – allquixotic
    Dec 19 '13 at 20:55






  • 1





    @allquixotic I will confess though, that more than once I asked a question like this myself. It was perhaps almost as much out of fear of adapting to PowerShell (vs. writing the batch scripts I understood) as it was a need to support XP/2003. I've learned a bit since then, though. Now I can't stand being limited to batch.

    – Iszi
    Dec 19 '13 at 20:58


















6















I use a few secure websites that require me to install a PFX certificate to access them. I have multiple computers I do this from, and I need a quick way of determining which ones in which I still need to install the certificate.



Is there a way I can list all the certificates in the Personal store using batch commands? I can run the command remotely, but I'm not aware of any method to list them.



"How can I get a list of installed certificates on Windows?" is a similar question but I'm looking for a solution specific to command line. The answers there all involve using the GUI or Powershell.



enter image description here










share|improve this question

























  • What OS are you using?

    – EBGreen
    Dec 19 '13 at 18:43











  • I'm using Windows 7

    – Moses
    Dec 19 '13 at 18:57






  • 3





    @Moses What's your particular aversion to PowerShell? It's not like you're looking to do this on XP or Server 2003, where PowerShell isn't built-in on a standard install. Also, PowerShell allows you to run some commands remotely (if the systems are properly configured for it) which would allow you to easily gather all data on all your systems from across the network in one script.

    – Iszi
    Dec 19 '13 at 20:40








  • 1





    @Iszi In fact, for a large number of systems, using PowerShell to do the entire task (determine whether the cert needs to be installed, and then install it if not) is entirely plausible -- assuming they're all on the same LAN, you could sit at your own workstation and do this for ALL the PCs under your purview using the remote feature of PS. I would rather think he'd be trying to implement his solution in PS, rather than avoiding it!

    – allquixotic
    Dec 19 '13 at 20:55






  • 1





    @allquixotic I will confess though, that more than once I asked a question like this myself. It was perhaps almost as much out of fear of adapting to PowerShell (vs. writing the batch scripts I understood) as it was a need to support XP/2003. I've learned a bit since then, though. Now I can't stand being limited to batch.

    – Iszi
    Dec 19 '13 at 20:58
















6












6








6


2






I use a few secure websites that require me to install a PFX certificate to access them. I have multiple computers I do this from, and I need a quick way of determining which ones in which I still need to install the certificate.



Is there a way I can list all the certificates in the Personal store using batch commands? I can run the command remotely, but I'm not aware of any method to list them.



"How can I get a list of installed certificates on Windows?" is a similar question but I'm looking for a solution specific to command line. The answers there all involve using the GUI or Powershell.



enter image description here










share|improve this question
















I use a few secure websites that require me to install a PFX certificate to access them. I have multiple computers I do this from, and I need a quick way of determining which ones in which I still need to install the certificate.



Is there a way I can list all the certificates in the Personal store using batch commands? I can run the command remotely, but I'm not aware of any method to list them.



"How can I get a list of installed certificates on Windows?" is a similar question but I'm looking for a solution specific to command line. The answers there all involve using the GUI or Powershell.



enter image description here







windows-7 batch ssl certificate






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 17 at 15:44







Moses

















asked Dec 19 '13 at 18:38









MosesMoses

9,1262159107




9,1262159107













  • What OS are you using?

    – EBGreen
    Dec 19 '13 at 18:43











  • I'm using Windows 7

    – Moses
    Dec 19 '13 at 18:57






  • 3





    @Moses What's your particular aversion to PowerShell? It's not like you're looking to do this on XP or Server 2003, where PowerShell isn't built-in on a standard install. Also, PowerShell allows you to run some commands remotely (if the systems are properly configured for it) which would allow you to easily gather all data on all your systems from across the network in one script.

    – Iszi
    Dec 19 '13 at 20:40








  • 1





    @Iszi In fact, for a large number of systems, using PowerShell to do the entire task (determine whether the cert needs to be installed, and then install it if not) is entirely plausible -- assuming they're all on the same LAN, you could sit at your own workstation and do this for ALL the PCs under your purview using the remote feature of PS. I would rather think he'd be trying to implement his solution in PS, rather than avoiding it!

    – allquixotic
    Dec 19 '13 at 20:55






  • 1





    @allquixotic I will confess though, that more than once I asked a question like this myself. It was perhaps almost as much out of fear of adapting to PowerShell (vs. writing the batch scripts I understood) as it was a need to support XP/2003. I've learned a bit since then, though. Now I can't stand being limited to batch.

    – Iszi
    Dec 19 '13 at 20:58





















  • What OS are you using?

    – EBGreen
    Dec 19 '13 at 18:43











  • I'm using Windows 7

    – Moses
    Dec 19 '13 at 18:57






  • 3





    @Moses What's your particular aversion to PowerShell? It's not like you're looking to do this on XP or Server 2003, where PowerShell isn't built-in on a standard install. Also, PowerShell allows you to run some commands remotely (if the systems are properly configured for it) which would allow you to easily gather all data on all your systems from across the network in one script.

    – Iszi
    Dec 19 '13 at 20:40








  • 1





    @Iszi In fact, for a large number of systems, using PowerShell to do the entire task (determine whether the cert needs to be installed, and then install it if not) is entirely plausible -- assuming they're all on the same LAN, you could sit at your own workstation and do this for ALL the PCs under your purview using the remote feature of PS. I would rather think he'd be trying to implement his solution in PS, rather than avoiding it!

    – allquixotic
    Dec 19 '13 at 20:55






  • 1





    @allquixotic I will confess though, that more than once I asked a question like this myself. It was perhaps almost as much out of fear of adapting to PowerShell (vs. writing the batch scripts I understood) as it was a need to support XP/2003. I've learned a bit since then, though. Now I can't stand being limited to batch.

    – Iszi
    Dec 19 '13 at 20:58



















What OS are you using?

– EBGreen
Dec 19 '13 at 18:43





What OS are you using?

– EBGreen
Dec 19 '13 at 18:43













I'm using Windows 7

– Moses
Dec 19 '13 at 18:57





I'm using Windows 7

– Moses
Dec 19 '13 at 18:57




3




3





@Moses What's your particular aversion to PowerShell? It's not like you're looking to do this on XP or Server 2003, where PowerShell isn't built-in on a standard install. Also, PowerShell allows you to run some commands remotely (if the systems are properly configured for it) which would allow you to easily gather all data on all your systems from across the network in one script.

– Iszi
Dec 19 '13 at 20:40







@Moses What's your particular aversion to PowerShell? It's not like you're looking to do this on XP or Server 2003, where PowerShell isn't built-in on a standard install. Also, PowerShell allows you to run some commands remotely (if the systems are properly configured for it) which would allow you to easily gather all data on all your systems from across the network in one script.

– Iszi
Dec 19 '13 at 20:40






1




1





@Iszi In fact, for a large number of systems, using PowerShell to do the entire task (determine whether the cert needs to be installed, and then install it if not) is entirely plausible -- assuming they're all on the same LAN, you could sit at your own workstation and do this for ALL the PCs under your purview using the remote feature of PS. I would rather think he'd be trying to implement his solution in PS, rather than avoiding it!

– allquixotic
Dec 19 '13 at 20:55





@Iszi In fact, for a large number of systems, using PowerShell to do the entire task (determine whether the cert needs to be installed, and then install it if not) is entirely plausible -- assuming they're all on the same LAN, you could sit at your own workstation and do this for ALL the PCs under your purview using the remote feature of PS. I would rather think he'd be trying to implement his solution in PS, rather than avoiding it!

– allquixotic
Dec 19 '13 at 20:55




1




1





@allquixotic I will confess though, that more than once I asked a question like this myself. It was perhaps almost as much out of fear of adapting to PowerShell (vs. writing the batch scripts I understood) as it was a need to support XP/2003. I've learned a bit since then, though. Now I can't stand being limited to batch.

– Iszi
Dec 19 '13 at 20:58







@allquixotic I will confess though, that more than once I asked a question like this myself. It was perhaps almost as much out of fear of adapting to PowerShell (vs. writing the batch scripts I understood) as it was a need to support XP/2003. I've learned a bit since then, though. Now I can't stand being limited to batch.

– Iszi
Dec 19 '13 at 20:58












2 Answers
2






active

oldest

votes


















12














Here's how to do it from a cmd.exe shell on Windows 7, without first starting PowerShell:



C:> powershell -Command Get-ChildItem -Recurse Cert:


You can then pipe the output to other commands (which commands? well, your question isn't about that, so I won't go into detail) or to a file. From there you can isolate whether the specific cert you're looking for is installed.



Since you said you're on Windows 7, I assume that PowerShell is installed. To not have PowerShell, it would explicitly have to be uninstalled, and you didn't mention in your question that PowerShell was uninstalled or not available, or that the solution has to work on pre-Vista Windows where PowerShell didn't exist.






share|improve this answer
























  • I know how to pipe the output, so that shouldn't be an issue. My main reason for avoiding Powershell is that I use a couple different management applications that work really well with batch. This will work fine, though. Thanks

    – Moses
    Dec 20 '13 at 17:28











  • Looks like the Personal -> Certificates of interest to you show up under the Name : My section from the powershell output.

    – jxramos
    Feb 9 '17 at 20:35



















3














No Powershell necessary.



Also the proposed solution dumps raw data not just the Personal store requested by the OP.



N.B. The following was run in an Administrator command prompt shell




C:windowssystem32>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"



OS Name:                   Microsoft Windows 7 Enterprise

OS Version: 6.1.7601 Service Pack 1 Build 7601


C:windowssystem32>certutil -store My



My   <<< Certificate Store Name

================ Certificate 0 ================

Serial Number: **************************** *<<< asterisks = mask for post. You will see cert info*

Issuer: ****************************

NotBefore: ****************************

NotAfter: ****************************

Subject: CN=****************************

Non-root Certificate

Template: ****************************

Cert Hash(sha1): ****************************

Simple container name: ****************************

Provider = Microsoft RSA SChannel Cryptographic Provider

Private key is NOT exportable

Encryption test passed






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f690763%2flist-installed-personal-certificates-in-batch%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    12














    Here's how to do it from a cmd.exe shell on Windows 7, without first starting PowerShell:



    C:> powershell -Command Get-ChildItem -Recurse Cert:


    You can then pipe the output to other commands (which commands? well, your question isn't about that, so I won't go into detail) or to a file. From there you can isolate whether the specific cert you're looking for is installed.



    Since you said you're on Windows 7, I assume that PowerShell is installed. To not have PowerShell, it would explicitly have to be uninstalled, and you didn't mention in your question that PowerShell was uninstalled or not available, or that the solution has to work on pre-Vista Windows where PowerShell didn't exist.






    share|improve this answer
























    • I know how to pipe the output, so that shouldn't be an issue. My main reason for avoiding Powershell is that I use a couple different management applications that work really well with batch. This will work fine, though. Thanks

      – Moses
      Dec 20 '13 at 17:28











    • Looks like the Personal -> Certificates of interest to you show up under the Name : My section from the powershell output.

      – jxramos
      Feb 9 '17 at 20:35
















    12














    Here's how to do it from a cmd.exe shell on Windows 7, without first starting PowerShell:



    C:> powershell -Command Get-ChildItem -Recurse Cert:


    You can then pipe the output to other commands (which commands? well, your question isn't about that, so I won't go into detail) or to a file. From there you can isolate whether the specific cert you're looking for is installed.



    Since you said you're on Windows 7, I assume that PowerShell is installed. To not have PowerShell, it would explicitly have to be uninstalled, and you didn't mention in your question that PowerShell was uninstalled or not available, or that the solution has to work on pre-Vista Windows where PowerShell didn't exist.






    share|improve this answer
























    • I know how to pipe the output, so that shouldn't be an issue. My main reason for avoiding Powershell is that I use a couple different management applications that work really well with batch. This will work fine, though. Thanks

      – Moses
      Dec 20 '13 at 17:28











    • Looks like the Personal -> Certificates of interest to you show up under the Name : My section from the powershell output.

      – jxramos
      Feb 9 '17 at 20:35














    12












    12








    12







    Here's how to do it from a cmd.exe shell on Windows 7, without first starting PowerShell:



    C:> powershell -Command Get-ChildItem -Recurse Cert:


    You can then pipe the output to other commands (which commands? well, your question isn't about that, so I won't go into detail) or to a file. From there you can isolate whether the specific cert you're looking for is installed.



    Since you said you're on Windows 7, I assume that PowerShell is installed. To not have PowerShell, it would explicitly have to be uninstalled, and you didn't mention in your question that PowerShell was uninstalled or not available, or that the solution has to work on pre-Vista Windows where PowerShell didn't exist.






    share|improve this answer













    Here's how to do it from a cmd.exe shell on Windows 7, without first starting PowerShell:



    C:> powershell -Command Get-ChildItem -Recurse Cert:


    You can then pipe the output to other commands (which commands? well, your question isn't about that, so I won't go into detail) or to a file. From there you can isolate whether the specific cert you're looking for is installed.



    Since you said you're on Windows 7, I assume that PowerShell is installed. To not have PowerShell, it would explicitly have to be uninstalled, and you didn't mention in your question that PowerShell was uninstalled or not available, or that the solution has to work on pre-Vista Windows where PowerShell didn't exist.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Dec 19 '13 at 20:27









    allquixoticallquixotic

    30.8k695127




    30.8k695127













    • I know how to pipe the output, so that shouldn't be an issue. My main reason for avoiding Powershell is that I use a couple different management applications that work really well with batch. This will work fine, though. Thanks

      – Moses
      Dec 20 '13 at 17:28











    • Looks like the Personal -> Certificates of interest to you show up under the Name : My section from the powershell output.

      – jxramos
      Feb 9 '17 at 20:35



















    • I know how to pipe the output, so that shouldn't be an issue. My main reason for avoiding Powershell is that I use a couple different management applications that work really well with batch. This will work fine, though. Thanks

      – Moses
      Dec 20 '13 at 17:28











    • Looks like the Personal -> Certificates of interest to you show up under the Name : My section from the powershell output.

      – jxramos
      Feb 9 '17 at 20:35

















    I know how to pipe the output, so that shouldn't be an issue. My main reason for avoiding Powershell is that I use a couple different management applications that work really well with batch. This will work fine, though. Thanks

    – Moses
    Dec 20 '13 at 17:28





    I know how to pipe the output, so that shouldn't be an issue. My main reason for avoiding Powershell is that I use a couple different management applications that work really well with batch. This will work fine, though. Thanks

    – Moses
    Dec 20 '13 at 17:28













    Looks like the Personal -> Certificates of interest to you show up under the Name : My section from the powershell output.

    – jxramos
    Feb 9 '17 at 20:35





    Looks like the Personal -> Certificates of interest to you show up under the Name : My section from the powershell output.

    – jxramos
    Feb 9 '17 at 20:35













    3














    No Powershell necessary.



    Also the proposed solution dumps raw data not just the Personal store requested by the OP.



    N.B. The following was run in an Administrator command prompt shell




    C:windowssystem32>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"



    OS Name:                   Microsoft Windows 7 Enterprise

    OS Version: 6.1.7601 Service Pack 1 Build 7601


    C:windowssystem32>certutil -store My



    My   <<< Certificate Store Name

    ================ Certificate 0 ================

    Serial Number: **************************** *<<< asterisks = mask for post. You will see cert info*

    Issuer: ****************************

    NotBefore: ****************************

    NotAfter: ****************************

    Subject: CN=****************************

    Non-root Certificate

    Template: ****************************

    Cert Hash(sha1): ****************************

    Simple container name: ****************************

    Provider = Microsoft RSA SChannel Cryptographic Provider

    Private key is NOT exportable

    Encryption test passed






    share|improve this answer




























      3














      No Powershell necessary.



      Also the proposed solution dumps raw data not just the Personal store requested by the OP.



      N.B. The following was run in an Administrator command prompt shell




      C:windowssystem32>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"



      OS Name:                   Microsoft Windows 7 Enterprise

      OS Version: 6.1.7601 Service Pack 1 Build 7601


      C:windowssystem32>certutil -store My



      My   <<< Certificate Store Name

      ================ Certificate 0 ================

      Serial Number: **************************** *<<< asterisks = mask for post. You will see cert info*

      Issuer: ****************************

      NotBefore: ****************************

      NotAfter: ****************************

      Subject: CN=****************************

      Non-root Certificate

      Template: ****************************

      Cert Hash(sha1): ****************************

      Simple container name: ****************************

      Provider = Microsoft RSA SChannel Cryptographic Provider

      Private key is NOT exportable

      Encryption test passed






      share|improve this answer


























        3












        3








        3







        No Powershell necessary.



        Also the proposed solution dumps raw data not just the Personal store requested by the OP.



        N.B. The following was run in an Administrator command prompt shell




        C:windowssystem32>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"



        OS Name:                   Microsoft Windows 7 Enterprise

        OS Version: 6.1.7601 Service Pack 1 Build 7601


        C:windowssystem32>certutil -store My



        My   <<< Certificate Store Name

        ================ Certificate 0 ================

        Serial Number: **************************** *<<< asterisks = mask for post. You will see cert info*

        Issuer: ****************************

        NotBefore: ****************************

        NotAfter: ****************************

        Subject: CN=****************************

        Non-root Certificate

        Template: ****************************

        Cert Hash(sha1): ****************************

        Simple container name: ****************************

        Provider = Microsoft RSA SChannel Cryptographic Provider

        Private key is NOT exportable

        Encryption test passed






        share|improve this answer













        No Powershell necessary.



        Also the proposed solution dumps raw data not just the Personal store requested by the OP.



        N.B. The following was run in an Administrator command prompt shell




        C:windowssystem32>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"



        OS Name:                   Microsoft Windows 7 Enterprise

        OS Version: 6.1.7601 Service Pack 1 Build 7601


        C:windowssystem32>certutil -store My



        My   <<< Certificate Store Name

        ================ Certificate 0 ================

        Serial Number: **************************** *<<< asterisks = mask for post. You will see cert info*

        Issuer: ****************************

        NotBefore: ****************************

        NotAfter: ****************************

        Subject: CN=****************************

        Non-root Certificate

        Template: ****************************

        Cert Hash(sha1): ****************************

        Simple container name: ****************************

        Provider = Microsoft RSA SChannel Cryptographic Provider

        Private key is NOT exportable

        Encryption test passed







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Aug 9 '17 at 12:44









        NetScr1beNetScr1be

        961




        961






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f690763%2flist-installed-personal-certificates-in-batch%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

            Alcedinidae

            Origin of the phrase “under your belt”?