3

Using inetmgr, I made a pfx file containing the public and private keys for a certificate. Now I'm trying to install the pfx into another machine from the command prompt with

certutil -p <password> -importpfx root <path_to_pfxfile>

Unfortunately, this is only importing the public key. If I use the certmgr snap-in I can import both keys, but I need to be able to automate this. Can anybody help?

I say Reinstate Monica
  • 26,651
user1058410
  • 33

2 Answers2

4

The Import-PfxCertificate PowerShell command will probably do what you want. .

This would import the certificate(s) and keys stored in my.pfx file into the Trusted Root Certificate Authorities certificate store for the local machine.

Import-PfxCertificate –FilePath C:\mypfx.pfx cert:\localMachine\Root -Password $password

You may need to experiment a bit to find the name used for the certificate store of interest. I did this by copying the thumbprint of a certificate in the relevent store from the UI, removing spaces and then running

ls|where {$_.Thumbprint -eq "<thumprint value here, with spaces removed>"}

Which gave me this as part of the output.

Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root

Crippledsmurf
  • 1,540
0

certutil does not import the private key. You'll have to use another tool such as pk12util.

This question has been already answered. Please attempt to find a solution to your problem before asking a question.

See this answer: https://serverfault.com/questions/647658/how-to-add-an-existing-key-to-the-certutil-key-database

And this answer: https://stackoverflow.com/questions/27161403/how-to-setup-dart-to-use-a-ca-ssl-certificate/27176982#27176982

Community
  • 1
Alex G.
  • 81