Solved

certificate import

Posted on 2014-02-17
12
390 Views
Last Modified: 2014-02-20
hi,

need help,
i want to know is it possible to import certificate through script.
Certificate store is personal with private key.
I have tried few steps but it did not work, it giving me error.

Regards,
skumar.
0
Comment
Question by:Skumar_CCSA
  • 7
  • 5
12 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39866701
You can probably do this through a two step process with certutil

 certutil -privatekey -p "pssword" -exportpfx subject c:\path-to-pfx\pfx-file.pfx
 certutil -f -p pssword -importpfx  c:\path-to-pfx\pfx-file.pfx

You can wrap that in any script you want.
0
 

Author Comment

by:Skumar_CCSA
ID: 39866714
thank you so much...
user will not have any access to do..
so each time when user log.. the exe/script file execute ..
it will import the certificate and overwrite..
target import folder will be c:\cert
can you please help me...i am trying this last two days...
nothing worked...
0
 
LVL 29

Expert Comment

by:becraig
ID: 39866720
ok so 2 questions:

1) where is the original certificate being exported from
2) You want to import this certificate to the user's certificate store  ?
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Author Comment

by:Skumar_CCSA
ID: 39866728
purpose of these cert for two factor authentication.
Originally is imported from the CA server througn CA web console
admin will install the client certificate during the laptop setup..

certificate is stored in Personal store.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39866741
The assumption is the script will be running under the current user's context:
You will have to simply add this to your script.

certutil -f -user -p [password] -importpfx c:\cert\pfx-file.pfx

-user indicates you are importing to the current user's store
0
 

Author Comment

by:Skumar_CCSA
ID: 39866748
thank...
still not working..
i have attached the script that look to troubleshoot....
can you please let me know what i am doing mistake....
cert.vbs
cert-import.cmd
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39866810
Ok so I am not sure what you are trying to do with this line ?

for /F "delims=" %%f in (c:\scripts\logs\cert_name.log) do set cert_name=%%f >>%logpath% 2>&1

Also I am expecting you should be looking for cert names instead of just:
cert.pfx  ?


If this is a single certificate import then there is no need for all that extra copy to log - read log - output directory listing to log etc.

I think what you are trying to do is as below:
set logpath="C:\scripts\logs\cert_import.log"
set logdir="C:\scripts\logs"
dir /b C:\websys\EdgeClient > c:\scripts\logs\cert_name.log
echo %date% %time% Verify the certificates. >>%logpath%
findstr /I %computername% c:\scripts\logs\cert_name.log >>%logpath% 2>&1
if %errorlevel% NEQ 0 goto end
echo %date% %time% Import the certificate. >>%logpath%
for /F "delims=" %%f in (c:\scripts\logs\cert_name.log) do certutil -f -user -p "Aso!" -importpfx c:\websys\EdgeClient\%%f  >>>>%logpath% 2>&1
:end

rem Delete verify files
echo %date% %time% Delete verified files. >>%logpath%
del /f c:\scripts\logs\cert_name.log >>%logpath% 2>&1

exit

Open in new window

0
 

Author Comment

by:Skumar_CCSA
ID: 39866873
still have same issue...
you any sugg which can make it easier ...
all i need when user login ..the script should import the cert from IE personal certificate store to local drive c:\
thanks to help.
0
 

Author Comment

by:Skumar_CCSA
ID: 39866943
sorry....
want to import (install) client cert every logon event.
c:\cert is the certificate location.
whenever user logon it will install and overwrite the certificate..
pls help..
0
 
LVL 29

Expert Comment

by:becraig
ID: 39870740
Is this a single certificate or multiple certificates ?

Weill the filename always be known or will we have to search for it ?
0
 

Author Comment

by:Skumar_CCSA
ID: 39872013
File name single....
Computer host name and certificate will be same...
0
 

Author Comment

by:Skumar_CCSA
ID: 39875667
thanks.....
found the issue with cert names.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
"Recent" shortcut button missing in Windows 10 7 51
encrypted folder 7 63
C# LINQ ForEach() question 6 54
Input parameteres to DragOver 2 19
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
An article on effective troubleshooting
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question