none
CertMgr.exe : install thrusted publisher certificate problem

    Question

  • Hi,

    I have a certificate installation problem present only under Vista. I install the certificate by command line :

    CertMgr.exe -add certificate.cer -s -r localMachine root

    It works perfectly on Windows 2000, 2003 and XP, but under Vista I get this error message:

    Error: Failed to save to the destination store
    CertMgr Failed

    Of course I use an administrator account and I downloaded the latest CertMgr.exe (present in the vista SDK). The command works if I replace localMachine by currentUser. I made some tests on the machine, I'm able to import the certificate to the localMachine store if I use the MMC user interface. In the other hand, if I try the CertMgr.msc UI, only the currentUser branch is offered to me so I can't import to localMachine from here.

    I need to get the work done automaticly, asking the clients to import this certificate manually is not an option...

    Someone have an idea?

    Thanks
    Thursday, April 10, 2008 2:34 PM

All replies

  • Indiana Nic,

     

    CertMgr.exe can fail for localMachine on Vista because of User Access Control.  Right click the executable and select Properties.  On the Compatibility tab at the bottom check "Run this program as an administrator".  From then on running CertMgr.exe for localMachine should bring up the UAC prompt.  When you select "Continue" it should complete successfully.

     

    If you are doing this from a script, try copying certmgr.exe to the local hard drive either to %temp% or to a permanent location.  Under the key HKLM or HKCU "\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" create a string value whose name is the full path to the executable.  Set the value as "RUNASADMIN".  Under HKCU this value will cause the UAC prompt to appear, unless you put it in quiet mode first.  http://msdn2.microsoft.com/en-us/library/cc206328.aspx.  I don't have Vista available to me at the moment, so I don't know what happens with the value under HKLM.

     

    If anyone knows how Vista designates the value names for removable media under these keys, I would be interested in hearing it.

     

    Franklin

    Monday, April 21, 2008 10:24 PM