Collections:
Other Resources:
Microsoft "certutil -verify" - Validate Expired Certificate
Can Microsoft "certutil" tool validates an expired certificates and reports the expired status?
✍: FYIcenter.com
Yes. If you validate an expired certificate with the Microsoft "certutil -verify file_name" command, you will see an expired certificate report as shown in this tutorial:
C:\fyicenter>\windows\system32\certutil -verify VeriSign.crt Issuer: OU=Class 3 Public Primary Certification Authority O=VeriSign, Inc. C=US Subject: OU=Class 3 Public Primary Certification Authority O=VeriSign, Inc. C=US Cert Serial Number: e49efdf33ae80ecfa5113e19a4240232 dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) HCCE_LOCAL_MACHINE CERT_CHAIN_POLICY_BASE --------CERT_CHAIN_CONTEXT -------- ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=1 Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US NotBefore: 1/28/1996 7:00 PM NotAfter: 1/7/2004 6:59 PM Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Serial: e49efdf33ae80ecfa5113e19a4240232 4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4 Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4) Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1) Application[0] = 1.3.6.1.5.5.7.3.4 Secure Email Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication Application[2] = 1.3.6.1.5.5.7.3.3 Code Signing Application[3] = 1.3.6.1.5.5.7.3.1 Server Authentication Exclude leaf cert: da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09 Full chain: 4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4 Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US NotBefore: 1/28/1996 7:00 PM NotAfter: 1/7/2004 6:59 PM Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Serial: e49efdf33ae80ecfa5113e19a4240232 4f 65 56 63 36 db 65 98 58 1d 58 4a 59 6c 87 93 4d 5f 2a b4 A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495) ------------------------------------ Expired certificate Cannot check leaf certificate revocation status CertUtil: -verify command completed successfully.
As you can see from the output, the command works successfully:
⇒ Microsoft "certutil -encode" Command Options
⇐ Microsoft "certutil -verify first.crt" - Validate Certificate
2013-02-28, 16237🔥, 0💬
Popular Posts:
Certificate summary - Owner: www.so-net.ne.jp, Systems Engineering Division 12, So-net Corporation, ...
Certificate summary - Owner: RapidSSL CA, "GeoTrust, Inc.", US Issuer: GeoTrust Global CA, GeoTrust ...
How to run OpenSSL "req -new" command to generate CSR with x.509 v3 extensions? I have req_extension...
How to start OpenSSL from my working directory where I have certificates stored. You can start OpenS...
Certificate Summary: Subject: RapidSSL TLS RSA CA G1 Issuer: DigiCert Global Root G2 Expiration: 202...