
CERTUTIL Archival/Recovery



Certutil tasks for key archival and recovery.


Syntax

CERTUTIL [-getkey] [/?]

To retrieve an archived private key recovery blob:
CERTUTIL -getkey [-f] [-gmt] [-seconds] [-v] search_token [recovery_blob_output_file]

To recover an archived private key:
CERTUTIL -recoverkey [-f] [-user] [-gmt] [-seconds] [-split] [-v] [-p password] recovery_blob_input_file [pfx_output_file] [recipient_index]


Parameters
pfx_output_file (NT2003)
Specifies the file where you want to save the recovered key and associated PKCS #12 certificate.
recipient_index (NT2003)
Specifies the index of the key recovery agent (KRA) certificate to be used for decrypting the private key blob. If omitted, tries all of the KRA certificates.
recovery_blob_input_file (NT2003)
Specifies the input file that contains the recovery blob retrieved from the CA.
recovery_blob_output_file (NT2003)
Specifies the output file containing a certificate chain and an associated private key, still encrypted to one or more key recovery agent (KRA) certificates.
search_token (NT2003)
Specifies the keys and certificates that you want to recover.
Can be a certificate common name, a certificate serial number, a certificate Secure Hash Algorithm (SHA-1) hash, a requester name, or a user principal name (UPN).

Switches
/? (NT2003)
Display help.
-f (NT2003)
Overwrites existing files or keys.
-getkey (NT2003)
Retrieves the archived private key.
-gmt (NT2003)
Displays time as Greenwich Mean Time (GMT).
-p password (NT2003)
Specifies a password.
The maximum length allowed for a PFX file password is 32 characters.
-recoverkey (NT2003)
Recovers the archived private key.
-seconds (NT2003)
Displays time with seconds and milliseconds.
-split (NT2003)
Splits the embedded Abstract Syntax Notation One (ASN.1) elements, and saves them to files.
-user (NT2003)
Uses the HKEY_CURRENT_USER keys or certificate store.
-v (NT2003)
Specifies verbose output.
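
The two syntax forms are used in sequence: -getkey fetches the KRA-encrypted blob from the CA, then -recoverkey decrypts it into a PFX. The PowerShell wrapper below is an added example, not part of the original reference; the search token, working directory and file names are placeholders, and it assumes it runs in the context of a key recovery agent whose private key is available.

```powershell
# Added example (not from the original page). Uses only switches documented above.
# Assumed placeholders: $SearchToken value, $WorkDir location, blob/PFX file names.
param(
    [Parameter(Mandatory)] [string] $SearchToken,   # UPN, serial number, SHA-1 hash, ...
    [string] $WorkDir = (Join-Path $env:TEMP 'keyrecovery')
)
$ErrorActionPreference = 'Stop'

# The blob and the PFX both carry a private key: keep them in a directory
# that only the current operator can read.
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
icacls $WorkDir /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(OI)(CI)F" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "could not restrict ACL on $WorkDir" }

$blob = Join-Path $WorkDir 'recovery.blob'
$pfx  = Join-Path $WorkDir 'recovered.pfx'

# Step 1: retrieve the recovery blob from the CA. At this point the private key
# is still encrypted to the KRA certificate(s).
certutil -getkey $SearchToken $blob
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $blob)) {
    throw "certutil -getkey wrote no blob (exit $LASTEXITCODE); try a more specific token such as the serial number"
}

# Step 2: choose the PFX password. The page states a 32-character maximum,
# so check it before certutil is started.
$secure = Read-Host -Prompt 'Password for the recovered PFX' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
if ($plain.Length -lt 1 -or $plain.Length -gt 32) { throw 'PFX password must be 1-32 characters' }

try {
    # -p puts the password on certutil's command line, where process-creation
    # auditing with command-line logging will record it.
    certutil -recoverkey -p $plain $blob $pfx
    if ($LASTEXITCODE -ne 0) { throw "certutil -recoverkey failed (exit $LASTEXITCODE)" }
}
finally {
    $plain = $null
    Remove-Item -LiteralPath $blob -Force -ErrorAction SilentlyContinue   # blob is no longer needed
}
Write-Output "Recovered key written to $pfx"
```

Move the PFX to its final protected location and remove the working directory once the key has been handed over.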

Related

CERTUTIL backup/restore
CERTUTIL configure
CERTUTIL decode/encode
CERTUTIL certificates
CERTUTIL CRLs
CERTUTIL manage
CERTUTIL troubleshooting


Notes

none.


Examples

none.


Errorlevels

none.


Availability
External
DOS: none
Windows: none
Windows NT: NT2003

Last Updated: 2003/07/28
Direct corrections or suggestions to: Rick Lively