
My school's web pages have self-trusted certificates (you must install them manually). I want to create a program that will install a certificate.cer (from Visual Studio resources) to the local user's Trusted root certificate authority.

Do you know how I can do this in C#?

alex
DroidBellmer

1 Answer


To add the certificate to the trusted root store for the current user programmatically, use the X509Store and X509Certificate2 classes. For example:

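using System.Security.Cryptography.X509Certificates;

string file = "cert.cer"; // Name of the certificate file
// Open the current user's Trusted Root Certification Authorities store for writing
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
// Load the certificate from the file and add it to the store
store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(file)));
store.Close();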

See also "How can I install a certificate into the local machine store programmatically using c#?".

Another option is the Certificate Manager command line (certmgr.exe) tool, specifically:

certmgr /add cert.cer /s Root

where "cert.cer" is your certificate. This imports it into the trusted root store for the current user. However, certmgr.exe is part of Visual Studio and the Windows SDK and may not be freely distributable.

akton
  • Do I need administrative access for the account under which I run this code? – Johnny_D Oct 08 '14 at 09:53
  • @Johnny_D You need administrator access for modifying system wide certificate stores, such as "Root". You do not need administrator access for modifying your personal certificate stores, such as "My". – akton Oct 08 '14 at 23:25
  • That's some kind of problem, as I need to do it inside of an Azure virtual machine. Am I supposed to somehow create an Admin user and impersonate the context where I add the certificate? – Johnny_D Oct 09 '14 at 08:26
  • @Johnny_D From what I understand, Azure has different methods for installing certificates depending on what it is used for. This is probably worth its own question but what are you trying to achieve? – akton Oct 10 '14 at 08:11
  • I have some functionality which depends on certificates. And I need to install/update them while virtual machine instance is working. – Johnny_D Oct 10 '14 at 08:13
  • @Johnny_D You can manually upload certificates to Azure instances. See http://msdn.microsoft.com/en-us/library/azure/ff795779.aspx#upload for more info. What you need to do beyond that depends on how you use them. – akton Oct 10 '14 at 08:15
  • That is the problem, I have too many instances to do it manually ) – Johnny_D Oct 10 '14 at 08:16
  • @Johnny_D From the above link "Windows Azure automatically deploys the certificate to the VMs on which your role instances are running". As I said, I know little about Azure so I am probably missing something. This may be worth its own question on this site. – akton Oct 10 '14 at 08:22
  • Got it, anyway thanks for the help. Will try to investigate it in more detail. – Johnny_D Oct 10 '14 at 08:25
  • I wonder why it isn't the "accepted answer". It just works. I'm surprised it doesn't cause any confirmation box (and I'm glad, I hate these boxes). On the other hand - if the user granted administrator privileges for the program, any questions should end there ;) – Harry Mar 04 '16 at 10:02
  • Do you know how to add it in a "quiet" mode? I'm adding a self-signed certificate and it prompts. I need to run this as a script across multiple machines. – BradLaney Dec 02 '16 at 18:22
  • @BradLaney Which script are you referring to? The C# code, certmgr.exe or something else? – akton Dec 03 '16 at 07:05
  • @akton The certmgr code. I ended up using the C# code as an exe that takes params. – BradLaney Dec 05 '16 at 19:06
  • Hi @Johnny_D: can you do that not on a VM but on an Azure web service 'on the cloud thing'? that URL is not working anymore – João Antunes Apr 16 '18 at 21:34
  • @akton you rock, this is exactly what I was missing. – Baggers Jun 25 '18 at 16:54
  • Do I need to restart the machine after installing the certificate file? – Kathir Subramaniam Sep 11 '18 at 06:21
  • No but you may need to restart the service or other application that uses the certificate if it loads it at startup. – akton Sep 11 '18 at 08:23
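
A stricter variant of the answer's snippet, added here as an example and not part of the original answer or its comments: it adds the certificate to the current user's root store only when its SHA-256 fingerprint matches a value obtained out of band, it is inside its validity period, and it is not already installed. The `RootInstaller` class name is hypothetical and `ExpectedSha256` is a placeholder to be replaced with the fingerprint published by the certificate's owner.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class RootInstaller // hypothetical name, not from the original answer
{
    // Placeholder: hex SHA-256 fingerprint obtained out of band from the certificate's owner.
    const string ExpectedSha256 = "<EXPECTED-SHA256-FINGERPRINT-HEX>";

    // SHA-256 over the DER encoding of the certificate, as upper-case hex.
    static string Sha256Hex(X509Certificate2 cert)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: RootInstaller <cert.cer>"); return 2; }
        var cert = new X509Certificate2(args[0]);

        // Refuse any file whose fingerprint differs from the pinned value.
        string pinned = ExpectedSha256.Replace(":", "").Replace(" ", "");
        if (!string.Equals(Sha256Hex(cert), pinned, StringComparison.OrdinalIgnoreCase))
        {
            Console.Error.WriteLine("Fingerprint mismatch, not installing: " + cert.Subject);
            return 1;
        }

        // Refuse expired or not-yet-valid certificates (NotBefore/NotAfter are local time).
        DateTime now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter)
        {
            Console.Error.WriteLine("Certificate is outside its validity period.");
            return 1;
        }

        var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            // Skip the write if the same certificate is already trusted.
            bool present = store.Certificates
                .Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0;
            if (!present) store.Add(cert);
            Console.WriteLine((present ? "Already trusted: " : "Installed: ") + cert.Subject);
        }
        finally { store.Close(); }
        return 0;
    }
}
```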