32

I need to import a certificate file to Trusted Root Certification Authorities store, to get rid of an SSL warning when visiting my local website. The way I currently do it is lengthy: use Google Chrome → Settings → Advanced → Privacy and security → Manage certificates → Trusted Root Certification Authorities → Import...

enter image description here

It looks like some sort of Windows snap-in rather than a custom window of Chrome. This is dumb to do all these steps just to import a 1KiB certificate file. Can I do it on PowerShell, so that this action can be automated via script? Or at least how can I open the above window without Google Chrome?

Improve this question

2 Answers 2

Reset to default
51

If you are on a current version of Windows, you can use PowerShell cmdlets:

Import-Certificate -FilePath "C:\CA-PublicKey.Cer" -CertStoreLocation Cert:\LocalMachine\Root

otherwise use certutil:

certutil.exe -addstore root c:\capublickey.cer
Improve this answer
9
  • Haven't test certutil.exe, but Import-Certificate works. Btw, what is the difference between cert:\CurrentUser\Root and Cert:\LocalMachine\Root? I am not familiar with Windows shell scripting.
    – Livy
    Commented Dec 2, 2019 at 11:14
  • 1
    @Livy - as the names suggest CurrentUser is the certificate store only for the currently logged-on user, LocalMachine is computer-wide, and those certificates can be used by all users.
    – Peter Hahndorf
    Commented Dec 2, 2019 at 16:28
  • So that's why I can no longer use the Certificates window above to remove it, as it requires administrative permission. I think I will add it to cert:\CurrentUser\Root next time.
    – Livy
    Commented Dec 2, 2019 at 18:53
  • @Livy because these are two different stores. The same utility can be used - in principle - to interact with the certificate store, but certmgr.msc is hardwired to the "current user" trust store. If you want any of the others, use mmc.exe and add the appropriate snap-in wired to an alternative trust store.
    – 0xC0000022L
    Commented Feb 26, 2020 at 15:44
  • 1
    how can I use certutil.exe to add a certificate available in a URL?
    – João Pimentel Ferreira
    Commented Aug 19, 2020 at 21:53
2

certutil -p "**password**" -importpfx Root "**ca-File.p12**" worked for me from cmd line.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .