Importing .PEM certificates on Windows 7 on the command line
You need to use certutil.exe
instead:
certutil –addstore -enterprise –f "Root" <pathtocertificatefile>
will add the certificate to the Trusted Root Certification Authorities store.
If you want to add an Intermediate Certification Authority, replace Root
with CA
and to add to your Personal store, change it to My
.
All the above adds the certificate to the Local Computer store. To add to the User store remove the -enterprise
from the command line:
certutil –addstore –f "Root" <pathtocertificatefile>
The -f
in the command simply forces an overwrite in the case where the certificate is already installed.
Related videos on Youtube
Ben N
Software developer, general IT consultant, and PowerShell enthusiast. Creator of Policy Plus, SprintDLL, Abiathar, and TextMarshal. Enneagram 5.
Updated on September 18, 2022Comments
-
Ben N over 1 year
I need to import a PEM certificate on a massive number of freshly installed Windows 7 Enterprise machines.
Normally, I would do it through MMC → Certificates (Local Computer) snap-in → Trusted Root Certificates → Import, but I need to speed things up. Therefore, I'd like to use only the command prompt.
With
certmgr.exe
(notcertmgr.msc
!), I would type:certmgr.exe -add -c C:\certificate.pem -s -r localMachine root
The problem is that
certmgr.exe
does not exist in Windows 7. How then can I add a certificate from the command line? -
KeyszerS almost 8 yearsOne of the most useful answers I've seen for a long time, especially with the additional hints. Upvoted.
-
David162795 almost 7 yearsWhere to get certutil.exe ? The only links I found are for 32bit only
-
garethTheRed almost 7 yearsOn every Windows computer :-) It should be installed by default on every Windows installation.
-
antak about 5 yearsTo add to the User store remove the -enterprise: Removing
-enterprise
appears to try add it to the machine store and-user
was required to choose the user store. Maybe things changed in Windows 10. Here's the relevant doc: Use-user
to access a user store instead of a machine store.--docs.microsoft.com/en-us/windows-server/administration/…