Import pfx file into particular certificate store from command line

Question

It s relatively easy to import a certificate into the user s personal store from a pfx file by using CertUtil   certutil    f    p  certificate password     importpfx C   certificate path and name  pfx    But this ends up in the Personal Store of the current user  I need it in TrustedPeople on  LocalMachine   Is there any way I can do this from the command line  either by calling different arguments on certutil importpfx  using another certutil command or a different utility  Powershell is another possibility  although I don t know much about it   Cheers  Matt

User · Accepted Answer

Anchoring my findings here for future readers.

Import certificate to Trusted Root Certification Authorities on Local Machine:

CERTUTIL -addstore -enterprise -f -v root "somCertificat.cer"

Import pfx to Personal on local machine

CERTUTIL -f -p somePassword -importpfx "somePfx.pfx"

Import pfx to Trusted People on local machine - Link to importpfx.exe

importpfx.exe -f "somePfx.pfx" -p "somePassword" -t MACHINE -s "TRUSTEDPEOPLE"

Import certificate to Trusted People on local machine

Certutil -addstore -f "TRUSTEDPEOPLE" "someCertificate.cer"

User · Answer

Check these links  http   www orcsweb com blog james powershell-ing-on-windows-server-how-to-import-certificates-using-powershell   Import-Certificate  http   poshcode org 1937  You can do something like   dir -Path C  Certs -Filter   cer   Import-Certificate -CertFile    -StoreNames AuthRoot  Root -LocalMachine -Verbose

User · Answer

With Windows 2012 R2  Win 8 1  and up  you also have the  official  Import-PfxCertificate cmdlet  Here are some essential parts of code  an adaptable example    Invoke-Command -ComputerName  Computer -ScriptBlock           param               string   CertFileName               string   CertRootStore               string   CertStore               string   X509Flags               PfxPass           CertPath     Env SystemRoot  CertFileName           Pfx   New-Object System Security Cryptography X509Certificates X509Certificate2           Flags to send in are documented here  https   msdn microsoft com en-us library system security cryptography x509certificates x509keystorageflags 28v vs 110 29 aspx          Pfx Import  CertPath   PfxPass   X509Flags    Exportable PersistKeySet            Store   New-Object -TypeName System Security Cryptography X509Certificates X509Store -ArgumentList  CertStore   CertRootStore          Store Open  MaxAllowed            Store Add  Pfx          if                               Env ComputerName   Successfully added certificate                     else                          Env ComputerName   Failed to add certificate     Error 0  ToString   -replace    r n                              Store Close           Remove-Item -LiteralPath  CertPath       -ArgumentList  TempCertFileName   CertRootStore   CertStore   X509Flags   Password   Based on mao47 s code and some research  I wrote up a little article and a simple cmdlet for importing pushing PFX certificates to remote computers   Here s my article with more details and complete code that also works with PSv2  default on Server 2008 R2   Windows 7   so long as you have SMB enabled and administrative share access

User · Answer

To anyone else looking for this  I wasn t able to use certutil -importpfx into a specific store  and I didn t want to download the importpfx tool supplied by jaspernygaard s answer in order to avoid the requirement of copying the file to a large number of servers  I ended up finding my answer in a powershell script shown here   The code uses System Security Cryptography X509Certificates to import the certificate and then moves it into the desired store   function Import-PfxCertificate         param  String  certPath  String  certRootStore      localmachine     String  certStore      My     pfxPass    null        pfx   new-object System Security Cryptography X509Certificates X509Certificate2       if   pfxPass -eq  null                  pfxPass   read-host  Password  -assecurestring              pfx import  certPath  pfxPass  Exportable PersistKeySet          store   new-object System Security Cryptography X509Certificates X509Store  certStore  certRootStore        store open  MaxAllowed         store add  pfx        store close

User · Answer

Here is the complete code  import pfx  add iis website  add ssl binding    SiteName    MySite   HostName    localhost   CertificatePassword    1234   SiteFolder   Join-Path -Path  C  inetpub wwwroot  -ChildPath  SiteName  certPath    c  cert pfx    Write-Host  Import pfx certificate   certPath  certRootStore      LocalMachine     certStore    My   pfx   New-Object System Security Cryptography X509Certificates X509Certificate2  pfx Import  certPath  CertificatePassword  Exportable PersistKeySet     store   New-Object System Security Cryptography X509Certificates X509Store  certStore  certRootStore    store Open  ReadWrite    store Add  pfx    store Close     certThumbprint    pfx Thumbprint   Write-Host  Add website   SiteName New-WebSite -Name  SiteName -PhysicalPath  SiteFolder -Force  IISSite    IIS  Sites  SiteName  Set-ItemProperty  IISSite -name  Bindings -value   protocol  https  bindingInformation    443  HostName   if  applicationPool    Set-ItemProperty  IISSite -name  ApplicationPool -value  IISApplicationPool     Write-Host  Bind certificate with Thumbprint   certThumbprint  obj   get-webconfiguration    sites site  name   SiteName     binding    obj bindings Collection 0   method    binding Methods  AddSslCertificate    methodInstance    method CreateInstance    methodInstance Input SetAttributeValue  certificateHash    certThumbprint   methodInstance Input SetAttributeValue  certificateStoreName    certStore   methodInstance Execute

User · Answer

In newer version of windows the Certuil has  CertificateStoreName  where we can give the store name  In earlier version windows this was not possible   Installing   pfx certificate   certutil -f -p    -enterprise -importpfx root     Installing   cer certificate   certutil -addstore -enterprise -f -v root     For more details below command can be executed in windows cmd  C  certutil -importpfx -  Usage    CertUtil  Options  -importPFX  CertificateStoreName  PFXFile  Modifiers

User · Answer

For Windows 10  Import certificate to Trusted Root Certification Authorities for Current User  certutil -f -user -p oracle -importpfx root  quot example pfx quot   Import certificate to Trusted People for Current User  certutil -f -user -p oracle -importpfx TrustedPeople  quot example pfx quot   Import certificate to Trusted Root Certification Authorities on Local Machine  certutil -f -user -p oracle -enterprise -importpfx root  quot example pfx quot   Import certificate to Trusted People on Local Machine  certutil -f -user -p oracle -enterprise -importpfx TrustedPeople  quot example pfx quot

[powershell] Import pfx file into particular certificate store from command line

Examples related to powershell

Examples related to certificate

Examples related to certutil