We help IT Professionals succeed at work.

How to script the import of a .pfx certificate

andrew_89 used Ask the Experts™
I have a wildcard certificate and need to import it across 100+ machines. Is there a way I can do this. I looked at the certmgr.exe tool but did not see how to get this to run remotely on all machines. I had to install the SDk to get the tool.

There must be some way to do this but I cant seem to find any.

Thanks for any help
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hi andrew_89,

Others may have tidier solutions, but using certmgr in a login script would do the job.  Alternatively, you could use something like PSExec to run it remotely -> http://www.sysinternals.com/Utilities/PsExec.html

Hope that helps,



Yes but doesnt the program have to be installed everywhere to use psexec. I mean I only have certmgr on one box.... and do you know what the correct syntax for certmgr is to do this.

These are all IIS boxes so how could I do a login script??
Ahh, if they are servers, dont bother with a logon script.

I doubt you will need the program installed on each machine, but you will most likely need to have the .net framework installed (which it should be already).  Test it out - copy over certmgr.exe and any other obvious dlls (like certmgr.dll if it exists :))

Here are the command line switches for certmgr -> http://msdn2.microsoft.com/en-us/library/e78byta0.aspx

As to running this command, I am not sure as I have not done it with .pfx files



I found this script:
Option Explicit
Dim iiscertobj, pfxfile, pfxfilepassword, InstanceName, WebFarmServers, IISServer
Set iiscertobj = WScript.CreateObject("IIS.CertObj")
pfxfile = WScript.Arguments(0)
pfxfilepassword = WScript.Arguments(1)
InstanceName = WScript.Arguments(2)
WebFarmServers = split(WScript.Arguments(3), ",")
iiscertobj.UserName = WScript.Arguments(4)
iiscertobj.UserPassword = WScript.Arguments(5)
For Each IISServer in WebFarmServers
  iiscertobj.ServerName = IISServer
  iiscertobj.InstanceName = InstanceName
  iiscertobj.Import pfxfile, pfxfilepassword, true, true

but I keeo getting subscript out of range errors on line 9??? any idea on this one ??
I assume you are talking about this -> http://technet2.microsoft.com/WindowsServer/en/library/f2ef3228-4a4b-4cc8-99cc-78784aa5890b1033.mspx?mfr=true

Are you following the instructions for running that?

Certimport.vbs cert.pfx pfxpassword w3svc/1 iisserver1,iisserver2,iisserver3 Administrator aal34290


Yes this is where I found it but I keep getting that error.


Okay now I followed it exaclty the way they wanted and receive the error below.

line 12
Invalid procedure call or argument
what is the command you are running?


I think I see the issue.. This .p12 file that I am trying to import was generated without a passphrase so the variable pfxpassword is not being passed. If I try to remove that variable form being passed , a different error comes back:

Wrong number of arguments or invalid property assignment:

Certimport.vbs c:\test.p12    w3svc/1 iis02,iis13,iis12 administrator  password
try entering "" as the password - or try to get the file with a password...


either way I get

 Invalid procedure call or argument

on line 12  (iiscertobj.Import pfxfile, pfxfilepassword, true, true)

Looks like I may have to do this thing manually .......


Oky I gotit working now. I just regenerated the key with a passphrase and passed that in. It works great thanks for your help as you got me on the right direction.
Excellent, glad to hear you got it sorted