You can use this procedure to install a certificate into the certificate stores on a computer by using the CertMgr.exe command-line tool. The CertMgr command-line tool is part of the Windows Driver Kit (WDK). To access the WDK, see http://go.microsoft.com/fwlink/?LinkId=59546.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
To deploy a certificate by using CertMgr.exe at a command prompt
-
At a command prompt, type the following, and then press ENTER:
certmgr.exe -add MyCert.cer -s -r localMachine trustedpublisher
|
Value
|
Description
|
|---|
-add MyCert.cer | Specifies that the certificate found in the file MyCert.cer is to be added to a certificate store. |
-s | Specifies that the store is the computer certificate store. |
-r localMachine | Specifies that the computer certificate store is found under the registry location HKEY_LOCAL_MACHINE. |
trustedpublisher | Specifies that the certificate is to be placed in the Trusted Publishers certificate store. |
-
If the certificate is self-signed, and cannot be traced back to a certificate that is in your Trusted Root Certification Authorities, then you must place a copy of your certificate in that store as well.
certmgr.exe -add MyCert.cer -s -r localMachine root
|
Value
|
Description
|
|---|
root | Specifies that the certificate is to be placed in the Trusted Root Certification Authorities certificate store. |
Formatting legend
|
Format
|
Meaning
|
|
Italic
|
Information that the user must supply
|
|
Bold
|
Elements that the user must type exactly as shown
|