Site Overlay

certutil -dump Command Guide

certutil -dump Command Explained | View PFX Certificate Details in Windows

🔐 certutil -dump Command Guide

Learn how to inspect PFX (PKCS#12) certificate files using the built-in Windows certutil utility. View certificate validity dates, issuer, subject, thumbprints, certificate chains, and private key information.

🚀 What is the certutil -dump Command?

certutil is a built-in Windows command-line utility used to manage, verify, and inspect digital certificates. It is commonly used by system administrators, developers, and IT professionals working with SSL/TLS certificates.

The -dump parameter reads a certificate file and displays detailed information about its contents. The command is read-only and does not modify, import, or delete the certificate.

The certutil -dump command safely reads certificate information without making any changes to the PFX file.

📌 How to Use certutil -dump

Open Command Prompt and execute the following command:

certutil -dump "C:\Users\Username\Downloads\certificate.pfx"

Example:

certutil -dump "C:\Users\Admin\Downloads\wildcard_example.com_2026.pfx"

Windows will display detailed information stored inside the PFX certificate.

📅 Check Certificate Expiration Date

One of the most common reasons for using certutil -dump is to verify the certificate validity period.

NotBefore : 07/03/2025
NotAfter  : 07/03/2026
Field Description
NotBefore The date when the certificate becomes valid.
NotAfter The certificate expiration date.

📌 Information Displayed by certutil -dump

Depending on the certificate, the output may include:

  • Certificate Subject
  • Certificate Issuer
  • Serial Number
  • SHA-1 / SHA-256 Thumbprints
  • Public Key Information
  • Certificate Chain
  • Private Key Availability
  • Friendly Name
  • Enhanced Key Usage (EKU)
  • Certificate Validity Period

📌 Does the Command Require a Password?

Many PFX files are protected with a password. If the certificate is encrypted, certutil may prompt you to enter the password before displaying the certificate details.

Once the correct password is provided, the certificate information is displayed.

⚡ Common certutil Commands

Command Description
certutil -dump file.pfx Displays detailed information about a PFX certificate.
certutil -store My Lists certificates stored in the local certificate store.
certutil -verifystore My Verifies certificates in the certificate store.
certutil -user -store My Displays certificates in the current user’s certificate store.

🔒 Security Notice

Although certutil -dump does not expose the private key itself, the output may contain certificate metadata such as subject names, thumbprints, serial numbers, and issuer information. Avoid sharing this information publicly unless necessary.

📝 Conclusion

The Windows certutil utility provides an easy way to inspect PFX certificate files without installing any third-party software. Whether you need to verify certificate expiration dates, inspect wildcard SSL certificates, validate certificate chains, or review certificate metadata, certutil -dump is a reliable built-in tool for Windows administrators.

Copyright © 2026 Arif Akyüz. All Rights Reserved. | Catch Vogue by Catch Themes