Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article provides help to fix an issue where the Certutil -viewcommand doesn't return issued certificates correctly.
Original KB number: 2233022
Symptoms
The Certutil command-line tool can be used to display the certificates that have been issued by a certification authority using the -view parameter. Under some circumstances, Certutil may not display all the expected certificates.
For example, the following command would not return the expected number of certificates:
certutil -view -restrict "RequesterName=contoso\twt"
Output would be similar to the following:
Maximum Row Index: 0
0 Rows
0 Row Properties, Total Size = 0, Max Size = 0, Ave Size = 0
0 Request Attributes, Total Size = 0, Max Size = 0, Ave Size = 0
0 Certificate Extensions, Total Size = 0, Max Size = 0, Ave Size = 0
0 Total Fields, Total Size = 0, Max Size = 0, Ave Size = 0
CertUtil: -view command completed successfully.
Cause
This issue is a result of how Certutil handles parsing for the -view parameter. Specifically, there is an issue with how it parses the following escape characters: \n, \r, and \t.
Resolution
The workaround is to uppercase all requester name strings passed as restrictions on the Certutil command line.
For example, instead of using this command:
certutil -view -restrict "RequesterName=contoso\twt"
Use this command:
certutil -view -restrict "RequesterName=contoso\TWT"