Windows store and KSP commands
This section covers commands that you use in SMCTL to manage commands for Windows.
Command
To view commands specific to Windows, run:
smctl windows -h
Subcommands
These subcommands specify the actions you can apply to Windows commands.
smctl windows <subcommand>
Shortcut | Subcommand | Description |
---|---|---|
Desyncs certificates from local Windows store. | ||
Syncs certificates to local Windows store. | ||
Key storage provider. | ||
-h | --help | Help for Windows. |
Desync certificate
Desyncs certificates from local Windows store.
Desync certificate commands begin with:
smctl windows certdesync <flag>
Flags
The desync certificate command supports these flags:
Shortcut | Flag | Description |
---|---|---|
--certificate-alias string | Certificate alias for individual desync of certificate. Format: --certificate-alias="<value>" | |
--certificate-status string | Desyncs all certificates with the status: Format: --certificate-status="<value>" | |
--keypair-alias string | Keypair alias for individual desync of associated certificate. Format: --keypair-alias="<value>" | |
--store string | Store to desync from: user or system. Default is “user”. Format: --store="<value>" | |
-h | --help | Help for certdesync. |
Example
Description: Desync the default certificate associated with the specified keypair alias from the certificate store.
Command:
smctl windows certdesync --keypair-alias=<keypair alias>
Command sample:
smctl windows certdesync --keypair-alias=keypair-dynamic-kp1
Sync certificate
Sync certificate commands begin with:
smctl windows certsync <flag>
Flags
The sync certificate command supports these flags:
Shortcut | Flag | Description |
---|---|---|
--account-id string | Account ID for the user. Format: --account-id="<value>" | |
--keypair-alias string | Certificate alias for individual sync of certificate. Format: --keypair-alias="<value>" | |
--keypair-type string | Specify which type of key to sync. Format: --keypair-type="<value>" | |
--reset | Desyncs all keys, then syncs based on the flags specified in the command. | |
--signable | Syncs only keys to which the user has signing access. Default is to sync only signable keys. | |
--store string | Store to sync to: user or system. Default is “user”. Format: --store="<value>" | |
-h | --help | Help for certsync. |
Example
Description: Sync the default certificate associated with the specified keypair alias to the certificate store
Command:
smctl windows certsync --keypair-alias=<keypair alias>
Command sample:
smctl windows certsync --keypair-alias=keypair-dynamic-kp1
Key Storage Provider (KSP)
Use the following command to manage KSPs:
smctl windows ksp <subcommand>
Subcommands
The KSP command supports these subcommands:
Shortcut | Subcommand | Description |
---|---|---|
ls | list | List all Key Storage Providers (KSPs). |
register | Register DigiCert Signing Manager KSP. This command must be run from an admin console. | |
rm | remove | Remove registered DigiCert Signing Manager KSP. This command must be run from an admin console. |
Example
Description: Register DigiCert Signing Manager KSP. This command must be run from an admin console.
Command:
smctl windows ksp register
Command sample:
smctl windows ksp register