Certificate Services & File Hash Utility
The certutil command is a Windows utility for managing certificates and Certificate Services. It's commonly used by IT professionals to generate file hashes (MD5, SHA1, SHA256), view certificate stores, and encode/decode files.
Think of it like a Swiss Army knife for security tasks - you can verify file integrity by checking hashes, manage SSL certificates, and even convert files to Base64 format for safe transmission. Security teams use it daily to verify downloads haven't been tampered with.
Advertisement
[ Insert Google AdSense Banner Code Here ]
Check if downloaded files match official hashes to detect tampering.
View SSL/TLS certificates installed on your system.
Convert files to Base64 for safe text-based transmission.
Investigate suspicious files by calculating their cryptographic signatures.
certutil -hashfile document.txt MD5 Calculate MD5 hash of a file (useful for quick checksums).
certutil -hashfile setup.exe SHA256 Calculate SHA256 hash - the most secure and recommended algorithm.
certutil -store MY View all personal certificates in your certificate store.
certutil -store ROOT View all trusted root certificate authorities.
certutil -encode file.txt file.b64 Encode a file to Base64 format for safe text transmission.
certutil -decode file.b64 file.txt Decode a Base64-encoded file back to its original format.
certutil -verify certificate.cer Verify a certificate's validity and check its signature chain.
certutil -? Display full help documentation and all available options.
Always use SHA256 or SHA512 for file verification - MD5 and SHA1 are cryptographically broken and can be forged by attackers.
Note: Attackers sometimes abuse certutil to download malicious files. Monitor its usage on production systems and review security logs regularly.
Practice certutil commands in the interactive terminal below: