I have some C# 4.0 code that attempts to install a CA (.der encoded) certificate into the "Trusted Root Certification Authorities" store for the current (My) user. My little console app runs silently against other stores, but for this store a GUI popup comes up "You are about to install a certificate from a certification authority... Windows cannot validate that the certificate is actually from..... Do you want to install this certificate?"
This messagebox is a problem because the idea is to automatically deploy the app with an MSI and silently get the right certs in the right place. Having a modal box will kill automated deployment.
How can this installation be done without a deployment-breaking messagebox?
An SSL certificate error occurs when a web browser can't verify the SSL certificate installed on a site. Rather than connect users to your website, the browser will display an error message, warning users that the site may be insecure.
It can sound not logical, but to have no warning you should add the certificate not to the Root certificate store of the current user, but to the Root of the local machine instead. You can easy verify that
certmgr.exe -add -c t.cer -s -r currentUser root
produce the security warning, but
certmgr.exe -add -c t.cer -s -r localMachine root
not.
So if you want import a certificate in .NET then the corresponding code could be about following
using System;
using System.Security.Cryptography.X509Certificates;
namespace AddCertToRootStore {
class Program {
static void Main (string[] args) {
X509Store store = new X509Store (StoreName.Root,
StoreLocation.LocalMachine);
store.Open (OpenFlags.ReadWrite);
X509Certificate2Collection collection = new X509Certificate2Collection();
X509Certificate2 cert = new X509Certificate2 (@"C:\Oleg\t.cer");
byte[] encodedCert = cert.GetRawCertData();
Console.WriteLine ("The certificate will be added to the Root...");
store.Add (cert);
Console.WriteLine("Verify, that the certificate are added successfully");
Console.ReadKey ();
Console.WriteLine ("The certificate will be removed from the Root");
store.Remove (cert);
store.Close ();
}
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With