CERTUTIL Archival/Recovery
Certutil tasks for key archival and recovery.
Syntax
CERTUTIL [-getkey] [/?]
To retrieve an archived private key recovery blob:
CERTUTIL -getkey [-f] [-gmt] [-seconds] [-v] search_token [recovery_blob_output_file]
To recover an archived private key:
CERTUTIL -recoverkey [-f] [-user] [-gmt] [-seconds] [-split] [-v] [-p password] recovery_blob_input_file [pfx_output_file] [recipient_index]
Parameters
- pfx_output_file (NT2003): Specifies the file where you want to save the recovered key and associated PKCS #12 certificate.
- recipient_index (NT2003): Specifies the index of the key recovery agent (KRA) certificate to be used for decrypting the private key blob. If omitted, tries all of the KRA certificates.
- recovery_blob_input_file (NT2003): Specifies the input file that contains the recovery blob retrieved from the CA.
- recovery_blob_output_file (NT2003): Specifies the output file containing a certificate chain and an associated private key, still encrypted to one or more key recovery agent (KRA) certificates.
- search_token (NT2003): Specifies the keys and certificates that you want to recover. Can be a certificate common name, a certificate serial number, a certificate Secure Hash Algorithm (SHA-1) hash, a requester name, or a user principal name (UPN).
Switches
- /? (NT2003): Display help.
- -f (NT2003): Overwrites existing files or keys.
- -getkey (NT2003): Retrieves the archived private key.
- -gmt (NT2003): Displays time as Greenwich mean time.
- -p password (NT2003): Specifies a password. The maximum length allowed for a PFX file password is 32 characters.
- -recoverkey (NT2003): Recovers the archived private key.
- -seconds (NT2003): Displays time with seconds and milliseconds.
- -split (NT2003): Splits the embedded Abstract Syntax Notation One (ASN.1) elements, and saves them to files.
- -user (NT2003): Uses the HKEY_CURRENT_USER keys or certificate store.
- -v (NT2003): Specifies verbose output.
Related
CERTUTIL backup/restore
CERTUTIL configure
CERTUTIL decode/encode
CERTUTIL certificates
CERTUTIL CRLs
CERTUTIL manage
CERTUTIL troubleshooting
Notes
none.
Examples
none.
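The two procedures from the Syntax section chained into one recovery run, as an added PowerShell example that is not part of the original reference; the script parameters and file names are assumptions.

```powershell
# Added example; the parameter values are placeholders, not values from the page.
param(
    [Parameter(Mandatory)] [string] $SearchToken,    # serial number, SHA-1 hash, UPN, ...
    [string] $BlobFile = '.\recovery.blob',          # assumed file name
    [string] $PfxFile  = '.\recovered.pfx'           # assumed file name
)
$ErrorActionPreference = 'Stop'

# Refuse to overwrite instead of passing -f, so cleanup only touches files made here.
foreach ($path in $BlobFile, $PfxFile) {
    if (Test-Path -LiteralPath $path) { throw "Refusing to overwrite existing file: $path" }
}

$secure = Read-Host -Prompt 'Password for the PFX output file' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    # The page gives 32 characters as the maximum PFX password length.
    if ($plain.Length -lt 1 -or $plain.Length -gt 32) {
        throw 'PFX password must be 1 to 32 characters long.'
    }

    # Step 1: fetch the recovery blob from the CA. It is still encrypted to the KRA certificate(s).
    & certutil.exe -getkey $SearchToken $BlobFile
    if ($LASTEXITCODE -ne 0) { throw "certutil -getkey failed with exit code $LASTEXITCODE" }
    if (-not (Test-Path -LiteralPath $BlobFile)) {
        throw 'No recovery blob was written; check that the search token selects one archived key.'
    }

    # Step 2: decrypt the blob with a KRA key available to the caller and write the PKCS #12 file.
    # -p places the password on the certutil command line, visible to process auditing.
    & certutil.exe -recoverkey -p $plain $BlobFile $PfxFile
    if ($LASTEXITCODE -ne 0) { throw "certutil -recoverkey failed with exit code $LASTEXITCODE" }
}
finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)   # wipe the unmanaged password copy
    Remove-Item -LiteralPath $BlobFile -ErrorAction SilentlyContinue
}
Write-Host "Recovered key written to $PfxFile"
```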
Errorlevels
none.
Availability
- External
  - DOS: none
  - Windows: none
  - Windows NT: NT2003
Last Updated: 2003/07/28
Direct corrections or suggestions to:
Rick Lively