Import Certificate to Trusted Root but not to Personal [Command Line]

Question

I am trying to import two certificates to my local machine using the command line.

I have one certificate to add to the Personal Store of the local machine, and another one to add to the Trusted Root Certification Authorities.

Here is the command to had to Personal Store and not to add at root:

certutil -f -importpfx CA.pfx NoRoot

And to add at Trusted Root and not personal ? Is there any tag ? I didn't found at command help "/?"

pepo · Answer 1 · 2016-04-21T18:54:02.950

56

Look at the documentation of certutil.exe and -addstore option.

I tried

certutil -addstore "Root" "c:\cacert.cer"

and it worked well (meaning The certificate landed in Trusted Root of LocalMachine store).

EDIT:

If there are multiple certificates in a pfx file (key + corresponding certificate and a CA certificate) then this command worked well for me:

certutil -importpfx c:\somepfx.pfx

EDIT2:

To import CA certificate to Intermediate Certification Authorities store run following command

certutil -addstore "CA" "c:\intermediate_cacert.cer"

edited Apr 21 '16 at 18:54

answered May 26 '14 at 14:45

pepo

8,644
2
27
42

2

yes but my certificate is a .pfx file, so I have to use the tag "-importpfx" and using that I can't use "-addstore"... Can you try to check it? thanks for your reply – TiagoM May 26 '14 at 15:10
If I understand correctly you have one pfx file that contains private key and corresponding certificate and one CA certificate. If you import the pfx in personal store I believe that CA certificate will also be installed there. Then you need to separate CA certificate from pfx file into separate file and use the command I posted to install it into Root cert store. – pepo May 27 '14 at 06:41

score 7 · Answer 2 · answered Jan 17 '18 at 19:28

7

The below 'd help you to add the cert to the Root Store-

certutil -enterprise -f -v -AddStore "Root" <Cert File path>

This worked for me perfectly.

answered Jan 17 '18 at 19:28

Alan Jebakumar

167
2
12

Thanks! The -enterprise option helped to install the certificate silently without the graphical popup. – gjegadesh Apr 30 '18 at 15:12
1

@gjegadesh I'd say that comes from option `-f` from force – João Pimentel Ferreira Oct 22 '20 at 10:09

score 3 · Answer 3 · answered Oct 04 '19 at 06:30

3

To print the content of Root store:

certutil -store Root

To output content to a file:

certutil -store Root > root_content.txt

To add certificate to Root store:

certutil -addstore -enterprise Root file.cer

answered Oct 04 '19 at 06:30

Sandeep Khantwal

191
1
7

score 0 · Answer 4 · answered Jun 26 '17 at 12:43

If there are multiple certificates in a pfx file (key + corresponding certificate and a CA certificate) then this command worked well for me:

certutil -importpfx c:\somepfx.pfx this works but still a password is needed to be typed in manually for private key. Including -p and "password" cause error too many arguments for certutil on XP

score 0 · Answer 5 · answered Nov 16 '20 at 03:08

There is a fairly simple answer with powershell.

Import-PfxCertificate -Password $secure_pw  -CertStoreLocation Cert:\LocalMachine\Root -FilePath certs.pfx

The trick is making a "secure" password...

$plaintext_pw = 'PASSWORD';
$secure_pw = ConvertTo-SecureString $plaintext_pw -AsPlainText -Force; 
Import-PfxCertificate -Password $secure_pw  -CertStoreLocation Cert:\LocalMachine\Root -FilePath certs.pfx;

Import Certificate to Trusted Root but not to Personal [Command Line]

5 Answers5

Linked