Import certificates using command line on Windows
59,801
If you are on a current version of Windows, you can use PowerShell cmdlets:
Import-Certificate -FilePath "C:\CA-PublicKey.Cer" -CertStoreLocation Cert:\LocalMachine\Root
otherwise use certutil:
certutil.exe -addstore root c:\capublickey.cer
![Livy](https://i.stack.imgur.com/e5zgq.png?s=256&g=1)
Author by
Livy
Updated on September 18, 2022Comments
-
Livy almost 2 years
I need to import a certificate file to
Trusted Root Certification Authorities
store, to get rid of an SSL warning when visiting my local website. The way I currently do it is lengthy: use Google Chrome → Settings → Advanced → Privacy and security → Manage certificates → Trusted Root Certification Authorities → Import...It looks like some sort of Windows snap-in rather than a custom window of Chrome. This is dumb to do all these steps just to import a 1KiB certificate file. Can I do it on PowerShell, so that this action can be automated via script? Or at least how can I open the above window without Google Chrome?
-
Livy over 4 yearsHaven't test
certutil.exe
, butImport-Certificate
works. Btw, what is the difference betweencert:\CurrentUser\Root
andCert:\LocalMachine\Root
? I am not familiar with Windows shell scripting. -
Peter Hahndorf over 4 years@Livy - as the names suggest
CurrentUser
is the certificate store only for the currently logged-on user,LocalMachine
is computer-wide, and those certificates can be used by all users. -
Livy over 4 yearsSo that's why I can no longer use the Certificates window above to remove it, as it requires administrative permission. I think I will add it to
cert:\CurrentUser\Root
next time. -
0xC0000022L over 4 years@Livy because these are two different stores. The same utility can be used - in principle - to interact with the certificate store, but
certmgr.msc
is hardwired to the "current user" trust store. If you want any of the others, usemmc.exe
and add the appropriate snap-in wired to an alternative trust store. -
João Pimentel Ferreira almost 4 yearshow can I use
certutil.exe
to add a certificate available in a URL? -
Peter Hahndorf almost 4 years@JoãoPimentelFerreira - You should ask a new question and explain what you mean. A URL doesn't contain a certificate.
-
João Pimentel Ferreira almost 4 years@PeterHahndorf I meant if I have on my server a direct link to the public certificate file
http://exemple.com/direct/path/to/capublickey.cer
-
Geoffrey over 2 yearsThis works for Chrome, but not for Firefox.