Defining the friendly name certificate property

The friendly name of a certificate can be helpful if multiple certificates with a similar subject exist in a certificate store.

One way to set the friendly name is through the certificate MMC SnapIn. Alternatively certutil.exe can be used in the following way:

  1. Open Notepad and past the following text into the editor

    Signature = “$Windows NT$”
    11 = “{text}My Friendly Name”

  2. Save the file as friendlyname.inf
  3. Determine the serialnumber of the certificate where the friendly name should be changed.
  4. If the certificate exists in the user’s certificate store, run the following command at a command-line

certutil –repairstore –user my {SerialNumber} FriendlyName.inf

Comments (3)

  1. Anonymous says:

    to PKIcrazy:

    seems that you forgot -user paramater. It is working fine:

    C:>certutil -repairstore -user my "63 1e 8e 36 27 48 2c 8f 45 46 23 96 23 cd 23

    2e" friendlyname.inf


    ================ Certificate 4 ================

    Serial Number: 631e8e3627482c8f4546239623cd232e

    Issuer: CN=Test

    NotBefore: 26.06.2009 15:05

    NotAfter: 30.09.2018 0:00

    Subject: CN=Test

    Signature matches Public Key

    Root Certificate: Subject matches Issuer

    Cert Hash(sha1): 4d be a6 59 3e f5 f7 86 d2 5b 6f 3c 27 31 b4 fe d7 93 35 c6

    CertUtil: -repairstore command completed successfully.

  2. Anonymous says:

    Is there a specific version of certutil to use for this? I get a too many arguments error.

    C:Temp>certutil -repairstore my "1b 04 68 ab 00 00 00 03 fc 04" Friendlyname.inf

    402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version

    Expected no more than 2 args, received 3

    CertUtil: Too many arguments

  3. lucy says:

    Great post from your hands again. I loved the complete article.
    By the way nice writing style you have. I never felt like boring while reading this article.

    I will come back & read all your posts soon. Regards, Lucy.