Syntax of certutil.exe?

Solution 1:

Try commands with -?. You can get detailed informations about commands:

For example:

C:\>certutil -addstore -?

Usage:
  CertUtil [Options] -addstore CertificateStoreName InFile
  Add certificate to store
    CertificateStoreName -- Certificate store name.  See -store.
    InFile -- Certificate or CRL file to add to store.

Options:
  -f                -- Force overwrite
  -enterprise       -- Use local machine Enterprise registry certificate store
  -user             -- Use HKEY_CURRENT_USER keys or certificate store
  -GroupPolicy      -- Use Group Policy certificate store
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -dc DCName                -- Target a specific Domain Controller

CertUtil -?              -- Display a verb list (command list)
CertUtil -addstore -?    -- Display help text for the "addstore" verb
CertUtil -v -?           -- Display all help text for all verbs

Solution 2:

The first thing to distinguish is the difference between a certificate store and a certificate database.

From MSDN - Public Key Infrastructure

Certificate Database

Saves certificate requests and issued and revoked certificates and certificate requests on the CA or RA.

Certificate Store

Saves issued certificates and pending or rejected certificate requests on the local computer.

This means -addstore is used when you want to add a certificate to the local store.

Next is the difference between -installcert and -importcert. The key is to distinguish the difference between an install and an import.

The file used for -importcert must be a single certificate.

The file used for -installcert can be a certificate chain (PKCS #7 or X.509 v3) or a single certificate.

Finally this means -installpfx will install a single PFX (PKCS #12) certificate or a certificate chain.