Skip to main content

Windows store and KSP commands

This section covers commands that you use in SMCTL to manage commands for Windows.

Command

To view commands specific to Windows, run:

smctl windows -h

Subcommands

These subcommands specify the actions you can apply to Windows commands.

smctl windows <subcommand>
tabel 1. Subcommands for managing Windows commands

Shortcut

Subcommand

Description

certdesync

Desyncs certificates from local Windows store.

certsync

Syncs certificates to local Windows store.

ksp

Key storage provider.

-h

--help

Help for Windows.


Desync certificate

Desyncs certificates from local Windows store.

Desync certificate commands begin with:

smctl windows certdesync <flag>

Flags

The desync certificate command supports these flags:

tabel 2. Flags for desyncing a certificate

Shortcut

Flag

Description

--certificate-alias string

Certificate alias for individual desync of certificate. 

Format:

--certificate-alias="<value>"

--certificate-status string

Desyncs all certificates with the status: expired, revoke, invalid, or all

Format:

--certificate-status="<value>"

--keypair-alias string

Keypair alias for individual desync of associated certificate. 

Format:

--keypair-alias="<value>"

--store string

Store to desync from: user or system. Default is “user”. 

Format:

--store="<value>"

-h

--help

Help for certdesync.


Example

Description: Desync the default certificate associated with the specified keypair alias from the certificate store.

Command:

smctl windows certdesync --keypair-alias=<keypair alias>

Command sample:

smctl windows certdesync --keypair-alias=keypair-dynamic-kp1

Sync certificate

Sync certificate commands begin with:

smctl windows certsync <flag>

Flags

The sync certificate command supports these flags:

tabel 3. Flags for syncing certificates to the local Windows store

Shortcut

Flag

Description

--account-id string

Account ID for the user. 

Format:

--account-id="<value>"

--keypair-alias string

Certificate alias for individual sync of certificate. 

Format:

--keypair-alias="<value>"

--keypair-type string

Specify which type of key to sync. 

Format:

--keypair-type="<value>"

--reset

Desyncs all keys, then syncs based on the flags specified in the command.

--signable

Syncs only keys to which the user has signing access. Default is to sync only signable keys.

--store string

Store to sync to: user or system. Default is “user”. 

Format:

--store="<value>"

-h

--help

Help for certsync.


Example

Description: Sync the default certificate associated with the specified keypair alias to the certificate store

Command:

smctl windows certsync --keypair-alias=<keypair alias>

Command sample:

smctl windows certsync --keypair-alias=keypair-dynamic-kp1

Key Storage Provider (KSP)

Use the following command to manage KSPs:

smctl windows ksp <subcommand>

Subcommands

The KSP command supports these subcommands:

tabel 4. Subcommands for managing KSPs

Shortcut

Subcommand

Description

ls

list

List all Key Storage Providers (KSPs).

register

Register DigiCert Signing Manager KSP. This command must be run from an admin console.

rm

remove

Remove registered DigiCert Signing Manager KSP. This command must be run from an admin console.


Example

Description: Register DigiCert Signing Manager KSP. This command must be run from an admin console.

Command:

smctl windows ksp register

Command sample:

smctl windows ksp register