CODEWITHSUNDEEP
camkcert
Syed Zeeshan
Syed Zeeshan

Reputation: 51

MKcert - ERROR: add cert: failed adding cert: Access is denied

Lately I have started facing an issue while installing mkcert on my windows system. I have done this by using admin rights.

PS C:\WINDOWS\system32> mkcert -install ERROR: add cert: failed adding cert: Access is denied.

Please help me resolve this issue.

Upvotes: 1

Views: 998

Answers (1)

池边树下
池边树下

Reputation: 11

var (
    modcrypt32                           = syscall.NewLazyDLL("crypt32.dll")
    procCertAddEncodedCertificateToStore = modcrypt32.NewProc("CertAddEncodedCertificateToStore")
    procCertCloseStore                   = modcrypt32.NewProc("CertCloseStore")
    procCertDeleteCertificateFromStore   = modcrypt32.NewProc("CertDeleteCertificateFromStore")
    procCertDuplicateCertificateContext  = modcrypt32.NewProc("CertDuplicateCertificateContext")
    procCertEnumCertificatesInStore      = modcrypt32.NewProc("CertEnumCertificatesInStore")
    // procCertOpenSystemStoreW             = modcrypt32.NewProc("CertOpenSystemStoreW")  // ERROR: add cert: failed adding cert: Access is denied
    // procCertOpenSystemStoreW             = modcrypt32.NewProc("CertOpenStore")
)

I will going to replace "CertOpenSystemStoreW" with "syscall.CertOpenStore"

func (w windowsRootStore) addCert(cert []byte) error {

    store, err := syscall.CertOpenStore(10, 0, 0,
        0x4000|0x20000|0x00000004, uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr("root"))))
    if err != nil {
        return err
    }
    defer syscall.CertCloseStore(store, 0)

    _, _, err = procCertAddEncodedCertificateToStore.Call(uintptr(store), 1, uintptr(unsafe.Pointer(&cert[0])), uintptr(uint(len(cert))), 4, 0)
    if err.(syscall.Errno) != 0 {
        return err
    }

    return nil
}

Reference c language:

static int crypto_import_pawdroot()
{
    HCERTSTORE hCertStore;
    BOOL bRet;

    hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A,
        0, 0L, CERT_SYSTEM_STORE_LOCAL_MACHINE, "ROOT");
    if (hCertStore == NULL) {
        return -1;
    }

    bRet = CertAddEncodedCertificateToStore(hCertStore, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
        kPawdRootCert, kPawdRootCertLen, CERT_STORE_ADD_REPLACE_EXISTING, NULL);
    CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);

    return bRet ? 0 : -2;
}

Upvotes: 1

Related Questions