How to import an SSL certificate on Windows Server 2016 build 1803

  • Question

  • Hi,

    I need to import a PFX certificate, and Windows Server 2016 build 1803 doesn't have a GUI, and I can't get the MMC through the 1803 build. Please suggest how to import the certificate.

    Thanks,


    info2m

    Friday, March 22, 2019 7:29 PM

Answers

  • Certutil -importPFX

    C:\Windows>certutil -importpfx /?
    Usage:
      CertUtil [Options] -importPFX [CertificateStoreName] PFXFile [Modifiers]
      Import certificate and private key
        CertificateStoreName -- Certificate store name.  See -store.
        PFXFile -- PFX file to be imported
        Modifiers -- Comma separated list of one or more of the following:
                AT_SIGNATURE -- Change the KeySpec to Signature
                AT_KEYEXCHANGE -- Change the KeySpec to Key Exchange
                NoExport -- Make the private key non-exportable
                NoCert -- Do not import the certificate
                NoChain -- Do not import the certificate chain
                NoRoot -- Do not import the root certificate
                Protect -- Protect keys with password
                NoProtect -- Do not password protect keys
        Defaults to personal machine store.
        Modifiers:
          NoExport
          ExportEncrypted
          NoCert
          NoChain -- End Entity certificate only
          NoRoot -- Exclude root certificate
          NoProtect
          Protect
          ProtectHigh
          Pkcs8
          AT_SIGNATURE
          AT_KEYEXCHANGE
          FriendlyName=
          KeyFriendlyName=
          KeyDescription=
          VSM
    Options:
      -f                -- Force overwrite
      -Enterprise       -- (-ent) Use local machine Enterprise registry certificate store
      -user             -- Use HKEY_CURRENT_USER keys or certificate store
      -GroupPolicy      -- (-gp) Use Group Policy certificate store
      -Unicode          -- Write redirected output in Unicode
      -gmt              -- Display times as GMT
      -seconds          -- Display times with seconds and milliseconds
      -Silent           -- (-q) Use silent flag to acquire crypt context
      -v                -- Verbose operation
      -privatekey       -- Display password and private key data
      -pin PIN                  -- Smart Card PIN
      -p Password               -- Password
      -csp Provider             -- Provider
            KSP -- "Microsoft Software Key Storage Provider"
            TPM -- "Microsoft Platform Crypto Provider"
            NGC -- "Microsoft Passport Key Storage Provider"
            SC -- "Microsoft Smart Card Key Storage Provider"
      -sid WELL_KNOWN_SID_TYPE  -- Numeric SID
                22 -- Local System
                23 -- Local Service
                24 -- Network Service
    CertUtil -?              -- Display a verb list (command list)
    CertUtil -importPFX -?   -- Display help text for the "importPFX" verb
    CertUtil -v -?           -- Display all help text for all verbs

    • Edited by MotoX80 Saturday, March 23, 2019 2:25 AM
    • Marked as answer by info2m Sunday, March 24, 2019 3:36 PM
    Saturday, March 23, 2019 2:24 AM
  • Hello info2m

    Please use the following link in order to import a PFX certificate in a GUIless environment in Windows.

    https://docs.microsoft.com/en-us/powershell/module/pkiclient/import-pfxcertificate?view=win10-ps


    Mark it as answer if your question has been solved. MCT Regional Lead. x2 MCSE-MCSA Exchange Server & Windows Server


    Sunday, March 24, 2019 2:03 PM

All replies

  • Hi,

    The certificate needs to be installed for an application. Does the imported certificate need to be installed at the host, root level or under the root? Does it need a username and password to import? Previously I've used the username and password for importing a certificate under root for a webservice.

    To remove a certificate:

    If there are any issues with the certificate, how do we remove it? Can we remove it using the Certutil /?

    Please let me know.

    Thanks,


    info2m

    Sunday, March 24, 2019 1:58 PM
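
An added example, not part of any post in this thread: a PowerShell sketch of the import with `Import-PfxCertificate` (the cmdlet linked in the answers) and of the removal asked about above. The function names `Import-ServerPfx` and `Remove-ServerCert` and the path `C:\Temp\example.pfx` are hypothetical, and the choice of the machine Personal store is an assumption to confirm for the application.

```powershell
# Added example; function names and paths are hypothetical.
# Run from an elevated PowerShell session on the Server Core host.

function Import-ServerPfx {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        # Assumption: the application reads the machine Personal store,
        # which is also the store certutil -importPFX defaults to.
        [string] $Store = 'Cert:\LocalMachine\My'
    )
    if (-not (Test-Path -LiteralPath $PfxPath -PathType Leaf)) {
        throw "PFX file not found: $PfxPath"
    }
    # Prompt for the PFX password so it does not end up in command history
    # or process command-line logs, as it would with certutil -p <password>.
    $password = Read-Host -Prompt 'PFX password' -AsSecureString

    # Without -Exportable the private key is marked non-exportable,
    # the counterpart of certutil's NoExport modifier.
    $imported = Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation $Store -Password $password

    # Keep only the certificate that carries the private key.
    $leaf = $imported | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
    if (-not $leaf) { throw 'Import finished but no certificate has a private key.' }
    return $leaf
}

function Remove-ServerCert {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $Store = 'Cert:\LocalMachine\My'
    )
    $path = "$Store\$Thumbprint"
    if (-not (Test-Path -LiteralPath $path)) { throw "No certificate $Thumbprint in $Store" }
    # -DeleteKey removes the private key along with the certificate,
    # so no orphaned key material is left on the host.
    Remove-Item -LiteralPath $path -DeleteKey
}

$cert = Import-ServerPfx -PfxPath 'C:\Temp\example.pfx'
$cert | Format-List Subject, Issuer, Thumbprint, NotAfter, HasPrivateKey
# Roll back if something is wrong with the certificate:
# Remove-ServerCert -Thumbprint $cert.Thumbprint

# certutil counterparts (certutil prompts for the password when -p is omitted):
#   certutil -importPFX My C:\Temp\example.pfx NoExport
#   certutil -delstore My <thumbprint>
```
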
  • Thanks both for the support

    info2m

    Sunday, March 24, 2019 3:37 PM