
I have a self-signed pfx certificate and a machine with 2 users (A and B). I need to install the certificate using some command line tool and it should be available for all users.

If user A installs the certificate manually in LocalMachine\My or LocalMachine\Root, it is available only to user A because user B doesn't have private key permissions.

I tried

winhttpcertcfg.exe -i cert.pfx -p pass -a Everyone -c LOCAL_MACHINE\Root

but it doesn't help; the certificate is available only to the user that runs winhttpcertcfg.

I tried

winhttpcertcfg.exe -i cert.pfx -p pass -a Everyone -c LOCAL_MACHINE\My

but it installs the certificate in Root instead of My regardless of the -c parameter.

I tried

certutil -f -p pass -importpfx "cert.pfx"

but it doesn't help; the certificate is available only to the user that runs certutil.

For the My store, the issue can be fixed manually:

  • Right click on the certificate in Local Machine Cert Manager -> All Tasks -> Manage Private Keys
  • Add users A and B and set necessary permissions.

But I need some automatic way that I will use while installing my applications.

Evgeniy

2 Answers

To import the certificate you can use this PowerShell command:

Import-PfxCertificate -FilePath $certFilename cert:$certStoreLocation -Password $mypwd

and use this for managing permissions:

How to Grant permission to user on Certificate private key using powershell?

Balpreet Patil

Import-PfxCertificate has been giving me issues when trying to grant permissions to the private key. The returned certificate and the certificate object grabbed using the cert:\LocalMachine\My both have null on the private key property.

I have to use an X509 certificate store and an X509Certificate2 object to import the certificate and private key. Then I'm able to change the private key permissions in PowerShell.

McFrank
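
The approach described in the last answer (import through an X509Store with an X509Certificate2 object, then change the private key permissions), written out in PowerShell as an added example, not code from either answerer. It assumes an RSA key, an elevated Windows PowerShell 5 or later session, and placeholder values for the PFX path, password and account names; it grants Read to the named accounts only rather than to Everyone.

```powershell
# Added example. Path, password and account names are placeholders (assumptions).
$PfxPath     = 'C:\install\cert.pfx'
$PfxPassword = 'pass'
$Accounts    = @('MYPC\A', 'MYPC\B')   # named users instead of Everyone

# MachineKeySet stores the private key machine-wide instead of in the importing
# user's profile; PersistKeySet keeps the key after the object is released.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'
$cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
             $PfxPath, $PfxPassword, $flags)

# Add the certificate (with its key link) to LocalMachine\My.
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('My', 'LocalMachine')
$store.Open('ReadWrite')
$store.Add($cert)
$store.Close()

# Resolve the file name of the persisted private key (RSA keys assumed).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) { throw 'Certificate has no RSA private key.' }
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $rsa.Key.UniqueName                                # CNG-backed key
} else {
    $rsa.CspKeyContainerInfo.UniqueKeyContainerName    # legacy CSP key
}

# Machine keys live in one of these two directories depending on the provider.
$keyDirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
           "$env:ProgramData\Microsoft\Crypto\Keys"
$keyFile = Get-ChildItem -Path $keyDirs -Filter $keyName -Force -ErrorAction SilentlyContinue |
           Select-Object -First 1
if (-not $keyFile) { throw "Private key file '$keyName' not found." }

# Grant Read on the key file to each account; Read is enough to use the key.
$acl = Get-Acl -Path $keyFile.FullName
foreach ($account in $Accounts) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new($account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $keyFile.FullName -AclObject $acl

# Show the resulting ACL so the installer log records who can use the key.
(Get-Acl -Path $keyFile.FullName).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```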