Import a certificate to “Trusted Root Certification Authorities” using command prompt

Issue

I recently ran into an issue where mmc.exe was crashing when adding the certificates snap-in and I was not able to import a rootCA certificate into the “Trusted root Certificate Authorities”.  I received the following error when adding the certificates snap-in.

Faulting application mmc.exe, version 6.0.6002.18005, time stamp 0x49e01c0a, faulting module ntdll.dll, version 6.0.6002.19623, time stamp 0x56ec3707, exception code 0xc0000374, fault offset 0x000b13ac, process id 0x1c50, application start time 0x01d287ca285af422.

Workaround

I was more interested in a workaround then fixing the problem as all I needed to do is add the root CA cert.  I found a workaround which is to open up the certificates snap-in through the command prompt but the problem is it opens it up as “My user account” instead of “Computer Account” so the rootCA will only work for my user account which is not good.

mmc %SystemRoot%\system32\certmgr.msc

In windows 8 and above the following opens up mmc certificates as a”Computer Account”
Apparently copying certml.msc from windows 8 to 2008 will work, not sure about 2003 haven’t tried it.

c:\windows\system32\certml.msc

The Fix

I was able to import the rootCA certificate into the “Trusted Root Certificate Authorities” on “Local Machine” by executing the below command, open command prompt as administrator.

CERTUTIL -addstore -enterprise -f -v root “mycert.cer”

Examples

Import a certificate to the “Trusted Root Certification Authorities” on Local Machine:
CERTUTIL -addstore -enterprise -f -v root “mycert.cer”

Import a certificate to the Trusted People on Local Machine
CERTUTIL -addstore -f “TRUSTEDPEOPLE” “mycertificate.cer”

Import a pfx file to Personal on Local Machine
CERTUTIL -f -p pfxpassword -importpfx “myPfx.pfx”

Import a pfx file to the Trusted People on Local Machine
importpfx.exe -f “somePfx.pfx” -p “pfxpassword” -t MACHINE -s “TRUSTEDPEOPLE”

CertUtil is not able to add a pfx file into Truested people, importpfx.exe works fine.
Importpfx.exe – Link to the utility

This entry was posted in Microsoft and tagged , , , , , , . Bookmark the permalink.

One Response to Import a certificate to “Trusted Root Certification Authorities” using command prompt

  1. Michael says:

    Question, I can get this to work from command line, ‘thought’ I had it working in a .bat file but now it no longer works, is there something I’m missing?

    certutil.exe –f -user –p XqpQ28%SMO –importpfx “c:\ASNET_DelawareLife_79065_Client.pfx”

Leave a Reply

Your email address will not be published. Required fields are marked *