When you install or delete a root CA certificate using the commandline tools CertUtil.exe or CertMgr.exe, Windows asks the user for confirmation using a MessageBox (for certificates other than root CA ones, this question is not asked), even for the root CA certificate store for the current user.
For unattended certificate updates, that is a hassle.
I have seen this behaviour on Windows XP, Vista and 7 (I have not checked Windows Server 2003 and 2008 yet, but I assume they ask this question as well).
I have two questions:
- Why is Windows asking that question, even when you install/delete it from a command-line tool?
- How can I suppress this (other than observing the dialog boxes coming up and sending Windows messages to press the "Yes" button)?
The MessageBox confirmation dialogs look like this:
[Root Certificate Store]
Do you want to DELETE the following certificate from the Root Store?
...
[&Yes] [&No]
and this:
[Security Warning]
You are about to install a certificate from a certification authority (CA) claiming to represent:
...
[&Yes] [&No]
--jeroen