locked
How do I install certificate (.cer) file into system automatically ? RRS feed

  • Question

  • Hi

    My UWP app is already installed into client's machines. This app is not onto windows store. First time they installed manually but after that when we made some update and commit the code a job is triggered by devops and create a package and uploaded into server. Clients receive a push and download the package into app data and get upgrade automatically as we have made code using ProcessStartInfo into console and calling this method as fulltrust from UWP app. This process is working fine from last 1 year.

    Now problem is, on client's machine certificate got expired, due to this my automatic installation code failed bcs it runs only when package not ask for certificate installation process.

    Now I found a code to install certificate automatically, below is the code-

                    string cerPath = "certificate file path"
                    X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
                    store.Open(OpenFlags.ReadOnly);
                    store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(cerPath)));
                    store.Close();

    Its working fine when I used StoreLocation.CurrentUser but throwing "Access denied error' when using "StoreLocation.LocalMachine". And I need to installed certificate into as LocalMachine only then only I would be able to install package with my code means without asking certificate installation process.  

    I have admin privilege but still I am getting "Access denied error". If I run this console (.exe) right click and open run as admin its working fine but I need it automatically through code. What I need to add into code for running it as admin. or any other solution? 

    Thanks

    Sandeep 


    sandeep chauhan

    Thursday, July 25, 2019 2:28 PM

Answers

  • SOLUTION-

    I did UAC prompt as never notify manually and modified .bat file as below-

    @echo off 
     call :isAdmin 
     if %errorlevel% == 0 ( 
     goto :run 
     ) else ( 
     echo Requesting administrative privileges... 
     goto :UACPrompt 
     ) 
     exit /b 
     :isAdmin 
     fsutil dirty query %systemdrive% >nul 
     exit /b 
     :run 

    ------------------your command-----------------------

    exit /b 
     :UACPrompt 
     echo Set UAC = CreateObject^ ("Shell.Application"^) > "%temp%\getadmin.vbs" 
     echo UAC.ShellExecute "cmd.exe", "/c %~s0 %~1", "", "runas", 1 >> "%temp%\getadmin.vbs" 
     "%temp%\getadmin.vbs" 
     del "%temp%\getadmin.vbs" 
      exit /B` 

    Now you can run your .bat file through ProcessStartInfo class in c#. No admin prompt will show to user for manual input (YES/NO). Its totally automation.

    Please let me know if anyone face any issue for same.

    Thanks & Regards

    Sandeep Chauhan


    sandeep chauhan

    Wednesday, August 21, 2019 2:05 PM

All replies

  • Hi,

    This is by design. You had already find the way to do it. Run the app as admin so that you could install the cert into LocalMachine.

    Best regards,

    Roy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, July 26, 2019 2:08 AM
  • Hi Roy

    Thanks for reply!

    Yes, but I need this code run as admin through programmatically 

      string cerPath = "certificate file path"
                    X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
                    store.Open(OpenFlags.ReadOnly);
                    store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(cerPath)));
                    store.Close();


    sandeep chauhan

    Friday, July 26, 2019 6:16 AM
  • I also made a .bat file to install the certificate.

    CERTUTIL -addstore -enterprise -f -v root ".cer file path"

    but still same problem how I run this .bat file "Run as Admin" programmatically.

    I tried to call it through ProcessStartInfo class and used .Verb = "runas". Its working fine but  There has to be difference between Verb = "runas" and the manually clicked Run as administrator. That is my problem.


    Thanks

    Sandeep


    sandeep chauhan

    Friday, July 26, 2019 12:17 PM
  • Hi,

    UWP apps could run as Admin only if you add allowElevation capability to it. This is a restricted capability which means you need to get Microsoft's approval when the app is uploaded to the store.  You could search for "App Elevation Samples -stefanwick" in your search engine and you will find a blog about this. 

    Best regards,

    Roy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, July 29, 2019 4:30 AM
  • SOLUTION-

    I did UAC prompt as never notify manually and modified .bat file as below-

    @echo off 
     call :isAdmin 
     if %errorlevel% == 0 ( 
     goto :run 
     ) else ( 
     echo Requesting administrative privileges... 
     goto :UACPrompt 
     ) 
     exit /b 
     :isAdmin 
     fsutil dirty query %systemdrive% >nul 
     exit /b 
     :run 

    ------------------your command-----------------------

    exit /b 
     :UACPrompt 
     echo Set UAC = CreateObject^ ("Shell.Application"^) > "%temp%\getadmin.vbs" 
     echo UAC.ShellExecute "cmd.exe", "/c %~s0 %~1", "", "runas", 1 >> "%temp%\getadmin.vbs" 
     "%temp%\getadmin.vbs" 
     del "%temp%\getadmin.vbs" 
      exit /B` 

    Now you can run your .bat file through ProcessStartInfo class in c#. No admin prompt will show to user for manual input (YES/NO). Its totally automation.

    Please let me know if anyone face any issue for same.

    Thanks & Regards

    Sandeep Chauhan


    sandeep chauhan

    Wednesday, August 21, 2019 2:05 PM