Import pfx file into particular certificate store from command line

It's relatively easy to import a certificate into the user's personal store from a pfx file by using CertUtil:

certutil -f -p [certificate_password] -importpfx C:\[certificate_path_and_name].pfx

But this ends up in the Personal Store of the current user. I need it in TrustedPeople on LocalMachine.

Is there any way I can do this from the command line, either by calling different arguments on certutil importpfx, using another certutil command or a different utility? PowerShell is another possibility, although I don't know much about it.

Cheers, Matt

Bob Tway asked Mar 02 '11 17:03


2 Answers

Anchoring my findings here for future readers.

Import certificate to Trusted Root Certification Authorities on Local Machine:

CERTUTIL -addstore -enterprise -f -v root "somCertificat.cer" 

Import pfx to Personal on local machine

CERTUTIL -f -p somePassword -importpfx "somePfx.pfx" 

Import pfx to Trusted People on local machine - Link to importpfx.exe

importpfx.exe -f "somePfx.pfx" -p "somePassword" -t MACHINE -s "TRUSTEDPEOPLE" 

Import certificate to Trusted People on local machine

Certutil -addstore -f "TRUSTEDPEOPLE" "someCertificate.cer" 
jaspernygaard answered Oct 19 '22 07:10


To anyone else looking for this, I wasn't able to use certutil -importpfx into a specific store, and I didn't want to download the importpfx tool supplied by jaspernygaard's answer in order to avoid the requirement of copying the file to a large number of servers. I ended up finding my answer in a PowerShell script shown here.

The code uses System.Security.Cryptography.X509Certificates to import the certificate and then moves it into the desired store:

function Import-PfxCertificate {
    param(
        [String]$certPath,
        [String]$certRootStore = "localmachine",
        [String]$certStore = "My",
        $pfxPass = $null
    )

    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2

    # Prompt for the PFX password as a SecureString if none was supplied
    if ($pfxPass -eq $null) {
        $pfxPass = Read-Host "Password" -AsSecureString
    }

    # Load the certificate and its private key from the PFX file
    $pfx.Import($certPath, $pfxPass, "Exportable,PersistKeySet")

    # Open the target store (location and store name) and add the certificate
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore, $certRootStore)
    $store.Open("MaxAllowed")
    $store.Add($pfx)
    $store.Close()
}
mao47 answered Oct 19 '22 06:10
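
An added example, not code from either answer: a variant of the X509Store approach for the question's LocalMachine\TrustedPeople case that keeps the private key in the machine key container, leaves it non-exportable, and confirms the certificate is in the store afterwards. The function name `Add-PfxToMachineStore` and its parameters are hypothetical, and it assumes an elevated session.

```powershell
# Added example (hypothetical helper, not from the original answers).
function Add-PfxToMachineStore {
    param(
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][securestring]$Password,   # avoids a plaintext password on the command line
        [string]$StoreName = 'TrustedPeople'
    )

    # Writing to a LocalMachine store requires administrator rights.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # MachineKeySet: private key goes to the machine key container, not the caller's profile.
    # PersistKeySet: key is kept after this object is released. Exportable is deliberately omitted.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'

    # .NET resolves relative paths against the process directory, so resolve the path first.
    $fullPath = (Resolve-Path -LiteralPath $PfxPath).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath, $Password, $flags

    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $location
    try {
        $store.Open('ReadWrite')
        $store.Add($cert)

        # Confirm the certificate is present in the target store.
        $found = $store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
        if ($found.Count -lt 1) {
            throw "Certificate $($cert.Thumbprint) not found in LocalMachine\$StoreName after import."
        }
    }
    finally {
        $store.Close()
    }

    # Return what was installed so the caller can log or compare the thumbprint.
    [pscustomobject]@{
        Store         = "LocalMachine\$StoreName"
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
    }
}
# Usage: Add-PfxToMachineStore -PfxPath .\somePfx.pfx -Password (Read-Host 'PFX password' -AsSecureString)
```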