CertTool Guide

Posted: July 5, 2010 in CA, Certificate Authority, Microsoft, Uncategorized

Install CertTool

1. Copy the CertTool installation package to the folder C:\CertTool
2. Run Setup.exe
3. On the Installation Screen select Install.
4. Finished


Navigate to C:\CertTool\CertTool_1_0_0_7 and run the following command:

CertTool -fn "friendlyname" -ca "MachineName\CAName" -t "CertTemplate" -csp "CSP Name" -p ProviderType e.g. 1 -k KeySpec e.g. 1 -dn "DistinguishedName" -pw "Key Password" -san "san e.g. san:dns=http://etc"


friendlyname is mandatory and is used as an identifier within the machine store. It can be used to reference the certificate programmatically.

MachineName\CAName is mandatory and is used to reference the Certificate Authority that the certificate is being requested from.

CertTemplate is mandatory and must be published on the referenced Microsoft Certificate Authority.

CSP Name is the Cryptographic Service Provider on the requesting machine to be used to generate the certificate request, e.g. Microsoft Base Cryptographic Provider v1.0.

Provider Type is dependent on implementation, frequently

KeySpec is dependent on implementation, frequently 1.

DistinguishedName is mandatory: the distinguished name of the certificate subject, e.g. "CN=Alice, dc=etc, dc=etc".

Key Password is an optional password that, if set, causes the requested certificate to be exported to the C: drive as <friendlyname>.pfx with the specified password as protection.

san is the optional Subject Alternative Name; if set, it causes the certificate to include the Subject Alternative Name. It takes the form san:dns=url.
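A filled-in request followed by a check that the certificate can be found again by its friendly name, as an added example that is not part of the original post. The CA name, template name, friendly name and DNS name are constructed placeholders, and the example assumes an elevated PowerShell session, an executable named CertTool in the folder above, and that "machine store" means Cert:\LocalMachine\My.

```powershell
# Added example. Values marked "constructed" are placeholders, not from the post.
$friendlyName = 'alice-web'            # constructed
$dnsName      = 'alice.example.test'   # constructed

# Prompt for the PFX password so it is not stored in a script file. CertTool
# still receives it as a command-line argument, so it is briefly visible in
# the process command line while the tool runs.
$securePw = Read-Host 'PFX password' -AsSecureString
$plainPw  = (New-Object System.Net.NetworkCredential('', $securePw)).Password

$certToolArgs = @(
    '-fn',  $friendlyName
    '-ca',  'CA01\Example Issuing CA'   # MachineName\CAName (constructed)
    '-t',   'WebServer'                 # template name (constructed)
    '-csp', 'Microsoft Base Cryptographic Provider v1.0'
    '-p',   '1'
    '-k',   '1'
    '-dn',  'CN=Alice, dc=etc, dc=etc'
    '-pw',  $plainPw
    '-san', "san:dns=$dnsName"
)

Set-Location 'C:\CertTool\CertTool_1_0_0_7'
& .\CertTool @certToolArgs
Remove-Variable plainPw, certToolArgs

# Reference the issued certificate by friendly name (assumed store: LocalMachine\My).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with friendly name '$friendlyName' in LocalMachine\My"
}

# 2.5.29.17 is the Subject Alternative Name extension OID.
$sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }

[pscustomobject]@{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    NotAfter      = $cert.NotAfter
    HasPrivateKey = $cert.HasPrivateKey
    SanHasDnsName = $sanText -like "*$dnsName*"
    PfxOnDisk     = Test-Path "C:\$friendlyName.pfx"
}
```

If PfxOnDisk is True, the exported key file is sitting in the root of C: and can be moved to an access-controlled location once the request is confirmed.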

Blacklog is a product of Blacktip Ltd

Feel free to link me in Mark Sutton CISSP
I can also be found at twitter msutton

