none
Certutil -Config -importcert not working RRS feed

  • Question

  • We are trying to import certificates using certutil commands which was generated from the same machines. 

    If we use "Certutil -Addstore" , we can import the certificate to machine's personal store but without the private key binding

    If we use "Certutil -config "CA Name" -Importcert cer-filepath" its not working. we are getting error 

    CertUtil: -ImportCert command FAILED: 0x80040154 (-2147221164)
    CertUtil: Class not registered

    But we can import the certificate using GUI without any error and private key binds correctly. Need some support on this, we have to automate this process for many application servers.

    Thanks and Regards,

    Hariharan

    Monday, September 16, 2019 2:16 PM

Answers

All replies

  • Hello hariharanss,

    Thank you for posting in our TechNet forum.

    According to the article certutil, we can see:

    -addstore  Add a certificate to the store.

    -ImportCert  Import a certificate file into the database.

    -importPFX  Import certificate and private key.



    For example:

    1. Add a certificate to the store.

    Certutil -f -addstore my filepath



    2. -ImportCert  Import a certificate file into the database.

    CertUtil -config "Machine\CA Name" -ImportCert filepath



    3. Import certificate and private key.

    CertUtil -f -importPFX filepath 




    We can try the third command if we want to import certificate with private key.


    If it does not work, please tell us where do we run the command, client or server, and what is the operating system version of client or server?


    Tips: Logon the machine with administrator account and open CMD, run as Administrator.



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 17, 2019 3:23 AM
    Moderator
  • Thanks Daisy

    We created CSR from the device where we try to import the CER file.

    We can import the CER file to the computer store without private key binding.

    If we perform the import using GUI , everything is good. We can see the private key in the certificate

    We dont have private key exportable template, so we could not try the PFX option.

    Certutil -importcert is the only option we are trying so far and getting some errors.

    If you can help on someother commands , would be helpful for automate the task.

    Thanks and Regards,

    Hariharan

    Tuesday, September 17, 2019 5:42 AM
  • The right syntax is to use:

    certreq -accept path\issuedcert.cer


    Vadims Podāns, aka Crypt32
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: ASN.1 Editor tool.

    • Proposed as answer by Vadims PodansMVP Tuesday, September 17, 2019 2:10 PM
    • Marked as answer by hariharanss Wednesday, September 25, 2019 1:58 PM
    Tuesday, September 17, 2019 2:10 PM
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 19, 2019 5:55 AM
    Moderator
  • Thanks Vadims and Daisy.

    We are testing on it. We will update on this.

    Thanks much for your support

    Regards,

    Hariharan

    Thursday, September 19, 2019 7:53 AM
  • Hi hariharanss,

    You are welcome! I am looking forward to your reply. Thank you for your update and time in advance.



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 20, 2019 1:59 AM
    Moderator

  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.

    Thanks for your time and have a nice day!


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 23, 2019 10:14 AM
    Moderator
  • Hi Daisy,

    Yes, the command works perfectly. Thanks Vadims

    certreq -accept -config "Certificate Template" path\issuedcert.cer

    Wednesday, September 25, 2019 1:58 PM
  • Hi,
    Thank you for your update and sharing. I am so glad that the problem has been resolved.

    As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you! 
     
    Have a nice day!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Thursday, September 26, 2019 1:34 AM
    Moderator