Проверка подключения к частному ключу сертификата например g при использовании аппаратного модуля безопасности

For a function test or during troubleshooting, it can be useful to check whether the private key of a certificate is usable. If the key is secured with a hardware security module (HSM), for example, there are significantly more dependencies and possibilities for errors than with a software key.

Certificate identification

For computer certificates

Get-ChildItem -Path Cert:\LocalMachine\My

Get-ChildItem -Path Cert:\CurrentUser\My 

In the computer store certificate management console (certlm.msc), this can be done by selecting the certificate and switching to the “Details” tab. The information is located under “Trhumbprint”.

Perform verification

For computer certificates:

certutil -verifystore my {Thumbprint}

certutil -user -verifystore my {Thumbprint}

Perform verification (SYSTEM context)

To perform the scan in the SYSTEM context, it is useful to create a scheduled task, since the account under which it will be executed can be specified here. First, a batch file is created that contains the command for the check.

To intercept the command line output, it is redirected to a text file.

certutil -verifystore my {Thumbprint} > {Path}\{File}.txt

It is essential to specify the absolute path, otherwise the text file will be saved in C:\Windows\System32.

A new task is then created via the task list and .

A meaningful name is assigned in the “General” tab. NT-AUTHORITY\SYSTEM is entered as the identity.

The “Triggers” tab can be skipped because the task is started manually. In the “Actions” tab, a new action “Start a program” is created and the path to the script file is specified.

Then the task can be started manually.

Now a text file should be generated containing the result of the check.

Related links: