none
Adding a certificate in existing store of a PC RRS feed

  • Question

  • I am trying to add "XYZ.cer" to existing store in local system. 

    I use command  <certutil.exe -addstore -f  "Trusted Root Certification Authorities" xyz.cer

    Problem is that, after successful completion of command it creates new store with name "Trusted Root Certification Authorities"  as existing one. I want to add this "xyz.cer" certificate to existing store "Trusted Root Certification Authorities" WITHOUT creating a duplicate store. 

    If I don't use double quote in Trusted Root Certification Authorities, command fails.

    Can anyone help me on this? Thanks in advance.

    Wednesday, January 15, 2014 11:08 AM

Answers

  • -addstore is the correct parameter to add certificates, but you don't use the display name of the store. The actual name of the "Trusted Root Certification Authorities" is just "root".

    Try this:

    certutil.exe -addstore -f root xyz.cer

    The -f switch is "force overwrite"; you can leave that in or not, whatever your preference.

    Wednesday, January 15, 2014 12:58 PM
  • For the Personal store, use a store name of "My":

    certutil.exe -addstore -f My xyz.cer

    Wednesday, January 15, 2014 2:28 PM

All replies

  • The command you are using is used to create a new store.

    You are posting in the scripting forum.  I think you want the security forum.

    Use your search engine to find examples of how to use the certificate services.


    ¯\_(ツ)_/¯

    Wednesday, January 15, 2014 12:25 PM
  • Yes, what would be the switch to add new certificate in existing store? is that "-store" instead of "-addstore"?

    Wednesday, January 15, 2014 12:30 PM
  • Yes, what would be the switch to add new certificate in existing store? is that "-store" instead of "-addstore"?

    certutil /?


    ¯\_(ツ)_/¯

    Wednesday, January 15, 2014 12:49 PM
  • -addstore is the correct parameter to add certificates, but you don't use the display name of the store. The actual name of the "Trusted Root Certification Authorities" is just "root".

    Try this:

    certutil.exe -addstore -f root xyz.cer

    The -f switch is "force overwrite"; you can leave that in or not, whatever your preference.

    Wednesday, January 15, 2014 12:58 PM
  • That works !!! Thanks..One question...

    If I want to add same certificate in "Personal" store, what would be the syntax as I tried it like above command  certutil.exe -addstore -f  "Personal" xyz.cer and   certutil.exe -addstore -f  Personal xyz.cer"?

    Thanks in advance.

    Wednesday, January 15, 2014 1:31 PM
  • For the Personal store, use a store name of "My":

    certutil.exe -addstore -f My xyz.cer

    Wednesday, January 15, 2014 2:28 PM
  • Awesome!! Tried and it worked. Syntax declaration is quite surprising...for Trusted Root Certification Authorities, its "ROOT" and for Personal, its "My".... ;) 

    Anyway thanks for your time and reply.


    Thursday, January 16, 2014 5:39 AM
  • The names that you use with certutil.exe are the names of the registry keys where the certificate stores actually live.  You can browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates to see the local machine store names, as an example.
    Thursday, January 16, 2014 2:24 PM