I need to import a PEM certificate on a massive number of freshly installed Windows 7 Enterprise machines.
Normally, I would do it through MMC → Certificates (Local Computer) snap-in → Trusted Root Certificates → Import, but I need to speed things up. Therefore, I'd like to use only the command prompt.
With certmgr.exe (not certmgr.msc!), I would type:
certmgr.exe -add -c C:\certificate.pem -s -r localMachine rootThe problem is that certmgr.exe does not exist in Windows 7. How then can I add a certificate from the command line?
1 Answer
You need to use certutil.exe instead:
certutil –addstore -enterprise –f "Root" <pathtocertificatefile>will add the certificate to the Trusted Root Certification Authorities store.
If you want to add an Intermediate Certification Authority, replace Root with CA and to add to your Personal store, change it to My.
All the above adds the certificate to the Local Computer store. To add to the User store remove the -enterprise from the command line:
certutil –addstore –f "Root" <pathtocertificatefile>The -f in the command simply forces an overwrite in the case where the certificate is already installed.
