none
CertMgr.exe adding password protected .pfx files RRS feed

  • Question

  • Not sure if this is the correct subforum.

    I'm trying to use CertMgr.exe to import a certificate into the currentUser trustedpublisher store.

    Syntax should be CertMgr /add OutputFile.cer /s /r currentUser trustedpublisher

    However the certificate I've been given is a password protected .pfx file

    How do I get this into the correct store?

    • Moved by 宝宝徐 Wednesday, November 2, 2016 1:24 AM
    Tuesday, November 1, 2016 12:05 PM

Answers

All replies

  • Hi Eric G-S,

    Thank you for your post.

    This forum is discussing about  .Net Framework Setup and Servicing.

    As your issue is related to .Net Framework CLR ,I help you move this case to .NET Framework  Common Language Runtime Internals and Architecture forum for dedicated support.

    Thank you for your understanding.

    Best Regards,


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, November 2, 2016 1:27 AM
  • Hi Eric,

    >>However the certificate I've been given is a password protected .pfx file

    PFX file that store the private keys with the encrypt password information. So it is password-protected, you can do little about this if you don't have a password.

    >>How do I get this into the correct store?

    Please check the following blog, It would helps!

    See Section2:Install the root certificate into the Trusted Root Certificate Store

    https://blogs.msdn.microsoft.com/benjaminperkins/2014/05/05/make-your-own-ssl-certificate-for-testing-and-learning/

    Best regards,

    kristin


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    • Edited by Kristin Xie Wednesday, November 2, 2016 2:56 AM
    Wednesday, November 2, 2016 2:55 AM
  • Kristin Xie thank you for your reply. I have the password for the certificate and know how to manually add it to the correct store.

    However I need to be able to automate it in a script for a SCCM package. Which is why I wanted to use CertMgr. None of the documentation I've seen tells me how to use that tool with a .pfx file, everything is about .cer files which are not password protected.

    Wednesday, November 2, 2016 7:17 AM
  • However I need to be able to automate it in a script for a SCCM package. Which is why I wanted to use CertMgr. None of the documentation I've seen tells me how to use that tool with a .pfx file, everything is about .cer files which are not password protected.

    @Eric G-S,

    Thanks for coming back and provide more information.

    I've searched more, and I found someone write a bat file that use capicom.dll from this location below and registered capicom.dll to C:\windows\system32 directory:  http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=860EE43A-A843-462F-ABB5-FF88EA5896F6

    for more details, please refer to thread:

    I want to import pfx certificate file using the command line argument or Batch file, how can I do this?

    Best regards,

    Kristin


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    • Edited by Kristin Xie Thursday, November 3, 2016 7:43 AM
    Thursday, November 3, 2016 7:42 AM
  • Kristin Xie, thanks for the pointer. Unfortunately that tool is not suitable for a cmd line install as it requires more coding than I am able to do.

    However, following some links from that I came across the winhttpcertcfg tool which seems to do everything I need. https://msdn.microsoft.com/en-us/library/windows/desktop/aa384088(v=vs.85).aspx

    • Marked as answer by Eric G-S Thursday, November 3, 2016 11:28 AM
    Thursday, November 3, 2016 9:53 AM
  • Kristin Xie, thanks for the pointer. Unfortunately that tool is not suitable for a cmd line install as it requires more coding than I am able to do.

    However, following some links from that I came across the winhttpcertcfg tool which seems to do everything I need. https://msdn.microsoft.com/en-us/library/windows/desktop/aa384088(v=vs.85).aspx

    @Eric,

    Glad to hear you have worked it out, and thanks for sharing your solution here! It could be better  for someone who has the same issue.

    Best regards,

    Kristin


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, November 4, 2016 1:35 AM