"Certutil -view" command does not return issued certificates correctly

Symptoms

The Certutil command-line tool can be used to display the certificates that have been issued by a certification authority using the -view parameter. Under some circumstances, Certutil may not display all the expected certificates. 

For example the following command would not return the expected number of certificates:

certutil -view –restrict "RequesterName=contoso\twt"
Output would be similar to the following:
Maximum Row Index: 0
0 Rows
   0 Row Properties, Total Size = 0, Max Size = 0, Ave Size = 0
   0 Request Attributes, Total Size = 0, Max Size = 0, Ave Size = 0
   0 Certificate Extensions, Total Size = 0, Max Size = 0, Ave Size = 0
   0 Total Fields, Total Size = 0, Max Size = 0, Ave Size = 0
CertUtil: -view command completed successfully.

Cause

This issue is a result of how Certutil handles parsing for the –view parameter. Specifically, there is an issue with how it parses the following escape characters: \n, \r and \t.

Resolution

The workaround is to uppercase all requester name strings passed as restrictions on the Certutil command line.

For example, instead of using this command:

certutil -view –restrict "RequesterName=contoso\twt"
Use this command:

certutil -view –restrict "RequesterName=contoso\TWT"

Propiedades

Id. de artículo: 2233022 - Última revisión: 24 jun. 2010 - Revisión: 1

Comentarios