Import-PfxCertificate appears to not 'fully' import the .p12 certificate RRS feed

  • Question

  • Hi,

    I'm trying to import OpenVPN client certs (.p12 (PFX) to Windows 10 Enterprise workstations. When I use PowerShell Import-PfxCertificate, it installs quickly and I can see the cert in the CurrentUser\My (Personal) store. It 'looks' right, but when I try to connect the client, it fails with a cert error.

    When I manually Right-Click the cert 'Install PFX', choosing default options, it installs and the OpenVPN client works as it should.

    Question is: What is PowerShell not doing, that the manual Cert install seems to do?
    One thing I notice is that the script runs very fast...the GUI takes a couple seconds...

    Manual deployment is not an option...300 or so mostly remote users.

    Any ideas or alternate deployment methods would be great. We do have ME Desktop Central, but the User Cert deployment options doesn't' work at all, so that is apparently out.


    Tuesday, August 7, 2018 6:08 PM

All replies

  • Hi,

    Thanks for your question.

    Because I can't see the scripts you have tried. So I don't know if there is a problem with your script command. 

    You can try to distribute certificates to client computers by using Group Policy.


    I also suggest that you can try to post this question to the OpenVPN forum.

    OpenVpn forum

    Best Regards,


    Just do it.

    Wednesday, August 8, 2018 5:39 AM
  • Thanks Lee,

    Here is the script...quite basic.

    $Cert1 = (Get-ChildItem -Path "C:\Program Files\OpenVPN\config\pfsvpn.company.com.p12")
    Import-PfxCertificate $Cert1 -CertStoreLocation Cert:\CurrentUser\My

    As I said...I can see the cert in the CurrentUser/Personal store...and it looks the same as a manual install. But there is something different, regardless of OpenVPN. So I was just wondering if there were any known differences in the import methods?

    The GPO option would be great, but as far as I can tell, it doesn't put the certs in the CurrentUser store...just Computer.

    I will likely add a RunOnce key to install the cert and configs on User login as I know it will use the Users account to perform the install. That will be an acceptable alternative...same amount of work for me. :-)


    Wednesday, August 8, 2018 2:00 PM