I need to import a PEM certificate on a massive number of freshly installed Windows 7 Enterprise machines.
Normally, I would do it through MMC → Certificates (Local Computer) snap-in → Trusted Root Certificates → Import, but I need to speed things up. Therefore, I'd like to use only the command prompt.
With certmgr.exe
(not certmgr.msc
!), I would type:
certmgr.exe -add -c C:\certificate.pem -s -r localMachine root
The problem is that certmgr.exe
does not exist in Windows 7. How then can I add a certificate from the command line?
Best Answer
You need to use
certutil.exe
instead:will add the certificate to the Trusted Root Certification Authorities store.
If you want to add an Intermediate Certification Authority, replace
Root
withCA
and to add to your Personal store, change it toMy
.All the above adds the certificate to the Local Computer store. To add to the User store remove the
-enterprise
from the command line:The
-f
in the command simply forces an overwrite in the case where the certificate is already installed.