CODEWITHSUNDEEP
windowscertificateroottrustedcertutil
TiagoM
TiagoM

Reputation: 3526

Import Certificate to Trusted Root but not to Personal [Command Line]

I am trying to import two certificates to my local machine using the command line.

I have one certificate to add to the Personal Store of the local machine, and another one to add to the Trusted Root Certification Authorities.

Here is the command to had to Personal Store and not to add at root:

certutil -f -importpfx CA.pfx NoRoot

And to add at Trusted Root and not personal ? Is there any tag ? I didn't found at command help "/?"

Upvotes: 35

Views: 167606

Answers (5)

teeks99
teeks99

Reputation: 3632

There is a fairly simple answer with powershell.

Import-PfxCertificate -Password $secure_pw  -CertStoreLocation Cert:\LocalMachine\Root -FilePath certs.pfx

The trick is making a "secure" password...

$plaintext_pw = 'PASSWORD';
$secure_pw = ConvertTo-SecureString $plaintext_pw -AsPlainText -Force; 
Import-PfxCertificate -Password $secure_pw  -CertStoreLocation Cert:\LocalMachine\Root -FilePath certs.pfx;

Upvotes: 0

Sandeep Khantwal
Sandeep Khantwal

Reputation: 391

To print the content of Root store:

certutil -store Root

To output content to a file:

certutil -store Root > root_content.txt

To add certificate to Root store:

certutil -addstore -enterprise Root file.cer

Upvotes: 3

Alan Jebakumar
Alan Jebakumar

Reputation: 317

The below 'd help you to add the cert to the Root Store-

certutil -enterprise -f -v -AddStore "Root" <Cert File path>

This worked for me perfectly.

Upvotes: 11

cobus
cobus

Reputation: 1

If there are multiple certificates in a pfx file (key + corresponding certificate and a CA certificate) then this command worked well for me:

certutil -importpfx c:\somepfx.pfx this works but still a password is needed to be typed in manually for private key. Including -p and "password" cause error too many arguments for certutil on XP

Upvotes: 0

pepo
pepo

Reputation: 8877

Look at the documentation of certutil.exe and -addstore option.

I tried 

certutil -addstore "Root" "c:\cacert.cer"

and it worked well (meaning The certificate landed in Trusted Root of LocalMachine store).

EDIT:

If there are multiple certificates in a pfx file (key + corresponding certificate and a CA certificate) then this command worked well for me:

certutil -importpfx c:\somepfx.pfx

EDIT2:

To import CA certificate to Intermediate Certification Authorities store run following command

certutil -addstore "CA" "c:\intermediate_cacert.cer"

Upvotes: 56

Related Questions