how to find out the valid store names for certutil

Solution 1:

You can quickly get the list in Powershell:

PS> ls Cert:\LocalMachine

Name : TrustedPublisher
Name : ClientAuthIssuer
Name : Remote Desktop
Name : Root
Name : TrustedDevices
Name : WebHosting
Name : CA
Name : REQUEST
Name : AuthRoot
Name : TrustedPeople
Name : My
Name : SmartCardRoot
Name : Trust
Name : Disallowed

Solution 2:

Found a site with the valid store names which are:

ca -> Specifies certificates in the Intermediate Certification Authorities store
my -> Specifies certificates issued to the current user
root -> Specifies certificates in the Trusted Root Certification Authorities store
spc -> Specifies software publisher certificates
user_created_store -> Specifies the name of a user-created certificate store

Solution 3:

also:

  • AddressBook -> specifies "Other People" store
  • Trust -> specifies "Enterprise Trust" store
  • TrustedPublisher -> specifies "Trusted Publishers" store

by the way, "spc" is not working for me

I think the list is here: http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.storename.aspx

or here http://msdn.microsoft.com/en-us/library/microsoft.web.services2.security.x509.x509certificatestore_members.aspx

"root" and "trust" are not valid in the user context (when using -user switch)

Solution 4:

This will enumerate all certificate stores:

certutil -enumstore

certutil -enumstore output

Check this answer for naming discrepancies: Certutil naming mismatch