I need to import a certificate file to Trusted Root Certification Authorities store, to get rid of an SSL warning when visiting my local website. The way I currently do it is lengthy: use Google Chrome → Settings → Advanced → Privacy and security → Manage certificates → Trusted Root Certification Authorities → Import. It looks like some sort of Windows snap-in rather than a custom window of Chrome. This is dumb to do all these steps just to import a 1KiB certificate file. Can I do it on PowerShell, so that this action can be automated via script? Or at least how can I open the above window without Google Chrome?
asked Dec 1, 2019 at 4:31 1,176 4 4 gold badges 15 15 silver badges 28 28 bronze badgesIf you are on a current version of Windows, you can use PowerShell cmdlets:
Import-Certificate -FilePath "C:\CA-PublicKey.Cer" -CertStoreLocation Cert:\LocalMachine\Root
certutil.exe -addstore root c:\capublickey.cer
answered Dec 1, 2019 at 11:05
Peter Hahndorf Peter Hahndorf
14k 10 10 gold badges 56 56 silver badges 70 70 bronze badges
Haven't test certutil.exe , but Import-Certificate works. Btw, what is the difference between cert:\CurrentUser\Root and Cert:\LocalMachine\Root ? I am not familiar with Windows shell scripting.
Commented Dec 2, 2019 at 11:14@Livy - as the names suggest CurrentUser is the certificate store only for the currently logged-on user, LocalMachine is computer-wide, and those certificates can be used by all users.
Commented Dec 2, 2019 at 16:28So that's why I can no longer use the Certificates window above to remove it, as it requires administrative permission. I think I will add it to cert:\CurrentUser\Root next time.
Commented Dec 2, 2019 at 18:53@Livy because these are two different stores. The same utility can be used - in principle - to interact with the certificate store, but certmgr.msc is hardwired to the "current user" trust store. If you want any of the others, use mmc.exe and add the appropriate snap-in wired to an alternative trust store.