Experts, does anyone know how to find certificates whose key usage contains only KEY_ENCIPHERMENT?

 certutil -v -user -store my | findstr "Key.Encipherment,.Data.Encipherment.(30)" 

credit to @josefz

I've managed to filter it correctly. What I am doing now is filtering the certificates with the key usage values that I wanted and using the serial number as part of the command required to export those certs. But it seems the command syntax I wrote here is incorrect. Could anyone help? I am struggling with the syntax. The flow is supposed to be: for each serial number in the cert key usage values, print the serial number into the export [serialnumber] PFX out.

   for /f "tokens=1,2 delims=:" %g in ('certutil -v -store my | findstr "Key.Encipherment,.Data.Encipherment.(30)"') do ( certutil -v -user -store %a "%h" | echo %a & certutil -v -user -store my | findstr "Serial.Number")

Next, the certificate serial number printed out in the console should be able to go directly to [serialnumber] and loop to export the PFXs until there are no more serial numbers.

certutil -p password -exportPFX my [serialnumber] C:\cert.PFX
demon sky
  • Unclear what you are seeking. Use the _verbose_ option and look over the output from `certmgr.exe -s -v -r currentuser my | findstr /I "\=Certificate extension Usage Encipherment"`. – JosefZ May 15 '20 at 08:42
  • I'm seeking a command that could filter certificates by key usage values and display the certificate details on the console. Next, with the certificates filtered out, I need to put the serial numbers of those filtered certificates into an export certificate command to export those certificates. (I plan to use certutil for the export if certmgr is unable to do so.) – demon sky May 15 '20 at 09:59
  • Take a look at [batch-file: Query Certificates for …](https://stackoverflow.com/a/53404178/3439404) if this could help. – JosefZ May 15 '20 at 10:20
  • `certmgr.exe -s -v -r currentuser my |findstr 7 | findstr /I "\=Certificate KeyEncipherment"` The current code works, but what command do I need to display the serial number together as well? I can't seem to display the serial number values. – demon sky May 15 '20 at 10:27
  • @JosefZ thanks for helping, I have updated my post; I hope I have described it clearly. – demon sky May 15 '20 at 10:44
  • New updates on my post. – demon sky May 16 '20 at 13:48

0 Answers
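The flow described in the question (filter by key usage, print each serial number, export one PFX per serial) can be done on the certificate objects rather than by parsing `certutil` text. This is an added example, not part of the original post. The function name, its parameter names and the `C:\certs` folder are hypothetical; it assumes the CurrentUser\My store and exportable private keys.

```powershell
# Added example (not from the original post). Function name, parameter names and
# the output folder are hypothetical; the cmdlets and .NET types are standard.
function Export-CertsByKeyUsage {
    param(
        # Exact set of key usage flags a certificate must carry (no more, no fewer).
        [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]$Usage = 'KeyEncipherment',
        [string]$StorePath = 'Cert:\CurrentUser\My',
        [Parameter(Mandatory)][string]$OutDir,
        [Parameter(Mandatory)][securestring]$Password
    )
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # The Key Usage extension is optional; skip certificates without one.
        $ku = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } |
            Select-Object -First 1
        if (-not $ku -or $ku.KeyUsages -ne $Usage) { continue }

        # Show the match on the console, as the question asks.
        '{0}  {1}  [{2}]' -f $cert.SerialNumber, $cert.Subject, $ku.KeyUsages | Write-Host

        # A PFX needs the private key; without one there is nothing to export.
        if (-not $cert.HasPrivateKey) {
            Write-Warning "No private key for serial $($cert.SerialNumber); skipped."
            continue
        }
        $file = Join-Path $OutDir "$($cert.SerialNumber).pfx"
        try {
            Export-PfxCertificate -Cert $cert -FilePath $file -Password $Password -ErrorAction Stop | Out-Null
            Write-Host "  exported to $file"
        } catch {
            # Typical cause: the key was imported or generated as non-exportable.
            Write-Warning "Export failed for serial $($cert.SerialNumber): $($_.Exception.Message)"
        }
    }
}

# Prompt for the PFX password instead of placing it on the command line.
$pw = Read-Host -AsSecureString -Prompt 'PFX password'
Export-CertsByKeyUsage -Usage 'KeyEncipherment' -OutDir 'C:\certs' -Password $pw
# For the "Key Encipherment, Data Encipherment (30)" case from the question:
# Export-CertsByKeyUsage -Usage 'KeyEncipherment, DataEncipherment' -OutDir 'C:\certs' -Password $pw
```

Each PFX written this way contains a private key, so the output folder needs the same access restrictions as the key store itself.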