Import self-signed certificate with private key on Windows from command prompt

2

Using inetmgr, I made a pfx file containing the public and private keys for a certificate. Now I'm trying to install the pfx into another machine from the command prompt with

certutil -p <password> -importpfx root <path_to_pfxfile>

Unfortunately, this is only importing the public key. If I use the certmgr snap-in I can import both keys, but I need to be able to automate this. Can anybody help?

user1058410

Posted 2015-09-11T22:36:01.620

Reputation: 23

The Import-PfxCertificate PowerShell command will probably do what you want. I'm not in a position to test this right now, but the documentation is here: https://technet.microsoft.com/en-us/library/hh848625(v=wps.630).aspx

– Crippledsmurf – 2015-09-11T23:13:33.570

Thanks. I'll try it on Monday. Post it as an answer, and if it works I'll pick it. – user1058410 – 2015-09-12T05:15:39.970

Answers

3

The Import-PfxCertificate PowerShell command will probably do what you want.

This would import the certificate(s) and keys stored in my.pfx file into the Trusted Root Certificate Authorities certificate store for the local machine.

$password = ConvertTo-SecureString -String '<password>' -AsPlainText -Force
Import-PfxCertificate -FilePath C:\mypfx.pfx -CertStoreLocation cert:\localMachine\Root -Password $password


You may need to experiment a bit to find the name used for the certificate store of interest. I did this by copying the thumbprint of a certificate in the relevant store from the UI, removing spaces and then running

ls Cert:\ -Recurse | where {$_.Thumbprint -eq "<thumbprint value here, with spaces removed>"}

Which gave me this as part of the output.

Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root

Crippledsmurf

Posted 2015-09-11T22:36:01.620

Reputation: 1 442
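The question's symptom (only the public key arriving) can be checked right after the import. The script below is an added example, not code from the answer above: it imports the PFX and fails if no imported certificate in the store reports a private key. The parameter names, the PFX_PASSWORD environment variable and the default paths are assumptions made for illustration.

```powershell
# Added example: import a PFX, then confirm the private key arrived with it.
# Assumed for illustration (not from the post): the parameter names, the
# PFX_PASSWORD environment variable, and the default path and store.
param(
    [string]$PfxPath = 'C:\mypfx.pfx',
    [string]$StoreLocation = 'Cert:\LocalMachine\Root'
)

$ErrorActionPreference = 'Stop'

# Read the password from the environment so it is not hard-coded in the script.
if (-not $env:PFX_PASSWORD) {
    throw 'PFX_PASSWORD is not set'
}
$password = ConvertTo-SecureString -String $env:PFX_PASSWORD -AsPlainText -Force

# Import-PfxCertificate writes the imported certificate object(s) to the pipeline.
$imported = @(Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation $StoreLocation -Password $password)

# Re-read each certificate from the store instead of trusting the returned
# object, and keep the ones whose private key is actually associated.
$withKey = @(
    foreach ($cert in $imported) {
        $storePath = "$StoreLocation\$($cert.Thumbprint)"
        if (Test-Path -Path $storePath) {
            $stored = Get-Item -Path $storePath
            if ($stored.HasPrivateKey) { $stored }
        }
    }
)

if ($withKey.Count -eq 0) {
    throw "No certificate imported from $PfxPath has a private key in $StoreLocation"
}

foreach ($cert in $withKey) {
    Write-Output "Imported $($cert.Subject) [$($cert.Thumbprint)] with private key"
}
```

The import into a LocalMachine store needs an elevated session; a non-zero exit from the thrown error lets a startup task detect the public-key-only case.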

0

certutil does not import the private key. You'll have to use another tool such as pk12util.

This question has already been answered. Please attempt to find a solution to your problem before asking a question.

See this answer: https://serverfault.com/questions/647658/how-to-add-an-existing-key-to-the-certutil-key-database

And this answer: https://stackoverflow.com/questions/27161403/how-to-setup-dart-to-use-a-ca-ssl-certificate/27176982#27176982

Alex G.

Posted 2015-09-11T22:36:01.620

Reputation: 81

I should have been more specific. The other machine is really a Windows Azure web role, and I need the certificate imported when the role starts up. So using OpenSSL tools is not an option. – user1058410 – 2015-09-12T05:18:27.343