0

Is there a way to restrict my certificate list on the basis of ExpirationDate of a certificate in certutil -view -restrict command?

I have nearly 2 million certificates. It is very hard to find in the excel file as excel does not open it very well

@ECHO
certutil -view -restrict "NotAfter>=2/22/2020 12:00AM , NotBefore>=3/13/2020 12:00AM , disposition=20" -out "RequesterName,CommonName,CertificateTemplate,NotAfter" csv > C:\Report\march2020.csv
James Z
  • 12,209
  • 10
  • 24
  • 44
Ashish
  • 75
  • 2
  • 9
  • Would it possible to post the command that I can use to get the certificate expiring on 25 March 2020 using certutil command in cmd – Ashish Mar 14 '20 at 14:56

1 Answers1

0

To filter on the expiry of a certificate, use Certificate Expiration Date instead of NotAfter.

To show when a certificate expires on a specific date, you need to filter the output so that it restricts it to everything between the start of that date (25 March 2020 00:00) and the start of the day after (before 26 March 2020). A date without time, is the equivalent of 00:00 on that date.

You can do this with:

certutil -view -restrict "Certificate Expiration Date >= 25/03/2020,Certificate Expiration Date < 26/03/2020" -out "RequesterName,CommonName,CertificateTemplate,Certificate Expiration Date" csv > C:\Report\march2020.csv

Note: The example uses dd/mm/yyyy for the date, but you should enter the date on your system in the format your locale expects.

To get a list of options on which you can filter run certutil -schema.

garethTheRed
  • 1,997
  • 13
  • 20
  • When i run this command it is returning all the certificate, it is not filtering the certificate on the basis of the Certificate Expiration Date – Ashish Mar 16 '20 at 16:38
  • Works for me! Have you double-checked for typos? Did you adjust the date format for your locale (if required)? What version of Windows are you running? – garethTheRed Mar 16 '20 at 17:03