🔐 certutil -dump Command Guide
Learn how to inspect PFX (PKCS#12) certificate files using the built-in Windows certutil utility. View certificate validity dates, issuer, subject, thumbprints, certificate chains, and private key information.
🚀 What is the certutil -dump Command?
certutil is a built-in Windows command-line utility used to manage, verify, and inspect digital certificates. It is commonly used by system administrators, developers, and IT professionals working with SSL/TLS certificates.
The -dump parameter reads a certificate file and displays detailed
information about its contents. The command is read-only and does not modify,
import, or delete the certificate.
📌 How to Use certutil -dump
Open Command Prompt and execute the following command:
certutil -dump "C:\Users\Username\Downloads\certificate.pfx"
Example:
certutil -dump "C:\Users\Admin\Downloads\wildcard_example.com_2026.pfx"
Windows will display detailed information stored inside the PFX certificate.
📅 Check Certificate Expiration Date
One of the most common reasons for using certutil -dump is to verify the certificate validity period.
NotBefore : 07/03/2025 NotAfter : 07/03/2026
| Field | Description |
|---|---|
NotBefore |
The date when the certificate becomes valid. |
NotAfter |
The certificate expiration date. |
📌 Information Displayed by certutil -dump
Depending on the certificate, the output may include:
- Certificate Subject
- Certificate Issuer
- Serial Number
- SHA-1 / SHA-256 Thumbprints
- Public Key Information
- Certificate Chain
- Private Key Availability
- Friendly Name
- Enhanced Key Usage (EKU)
- Certificate Validity Period
📌 Does the Command Require a Password?
Many PFX files are protected with a password. If the certificate is encrypted, certutil may prompt you to enter the password before displaying the certificate details.
⚡ Common certutil Commands
| Command | Description |
|---|---|
certutil -dump file.pfx |
Displays detailed information about a PFX certificate. |
certutil -store My |
Lists certificates stored in the local certificate store. |
certutil -verifystore My |
Verifies certificates in the certificate store. |
certutil -user -store My |
Displays certificates in the current user’s certificate store. |
🔒 Security Notice
Although certutil -dump does not expose the private key itself, the output may contain certificate metadata such as subject names, thumbprints, serial numbers, and issuer information. Avoid sharing this information publicly unless necessary.
📝 Conclusion
The Windows certutil utility provides an easy way to inspect PFX certificate files without installing any third-party software. Whether you need to verify certificate expiration dates, inspect wildcard SSL certificates, validate certificate chains, or review certificate metadata, certutil -dump is a reliable built-in tool for Windows administrators.