How to install a Certificates using powershell script

Question

I am trying to install a certificate through a PowerShell script. I am using the Import-Certificate method, as suggested in the Microsoft PowerShell documentation.

Here's my code:

$script = {
    $file = ( Get-ChildItem -Path  C:\Users\Administrator\Desktop\newCert.cer )
    $file | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root
    echo $file
    }

invoke-command -Credential $clientCred -ComputerName $ClientIP -ScriptBlock $script

I get the following error:

UI is not allowed in this operation
    + CategoryInfo          : InvalidArgument: (:) [Import-Certificate], ArgumentException 

I'm not sure where is this going wrong - it would be really helpful if someone could point me in the right direction.

Answer 1

The problem here is that when you install the certificate to Cert:\CurrentUser\Root (Trusted Root CAs in the current user account), underlying CryptoAPI invokes the following dialog:

And this is why error message mentions UI. Since you are attempting to install the certificate in the remoting session it is impossible to press the button in the remote host's interactive session. This is why UI dialogs are prohibited.

What you can do is to install the certificate to Local Machine store. That is, install it to Cert:\LocalMachine\Root.

Note that when installing a root certificate to the local machine store, it is automatically propagated to all user accounts on that machine. That is, an unintentional trust can be established for users where such trust might not be supposed.