• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 400

certificate import


Need help.
I want to know whether it is possible to import a certificate through a script.
The certificate store is Personal, with private key.
I have tried a few steps but it did not work; it is giving me an error.

1 Solution
You can probably do this through a two step process with certutil

 certutil -privatekey -p "password" -exportpfx subject c:\path-to-pfx\pfx-file.pfx
 certutil -f -p password -importpfx  c:\path-to-pfx\pfx-file.pfx

You can wrap that in any script you want.
Skumar_CCSAAuthor Commented:
Thank you so much...
The user will not have any access to do..
So each time the user logs in.. the exe/script file executes..
It will import the certificate and overwrite..
The target import folder will be c:\cert
Can you please help me... I have been trying this for the last two days...
Nothing worked...
ok so 2 questions:

1) where is the original certificate being exported from
2) You want to import this certificate to the user's certificate store  ?
Skumar_CCSAAuthor Commented:
The purpose of these certs is two-factor authentication.
Originally it is imported from the CA server through the CA web console.
The admin will install the client certificate during the laptop setup..

The certificate is stored in the Personal store.
The assumption is the script will be running under the current user's context:
You will have to simply add this to your script.

certutil -f -user -p [password] -importpfx c:\cert\pfx-file.pfx

-user indicates you are importing to the current user's store
Skumar_CCSAAuthor Commented:
Still not working..
I have attached the script to look at to troubleshoot....
Can you please let me know what mistake I am making....
Ok so I am not sure what you are trying to do with this line ?

for /F "delims=" %%f in (c:\scripts\logs\cert_name.log) do set cert_name=%%f >>%logpath% 2>&1

Also I am expecting you should be looking for cert names instead of just:
cert.pfx  ?

If this is a single certificate import then there is no need for all that extra copy to log - read log - output directory listing to log etc.

I think what you are trying to do is as below:
set logpath="C:\scripts\logs\cert_import.log"
set logdir="C:\scripts\logs"
dir /b C:\websys\EdgeClient > c:\scripts\logs\cert_name.log
echo %date% %time% Verify the certificates. >>%logpath%
findstr /I %computername% c:\scripts\logs\cert_name.log >>%logpath% 2>&1
if %errorlevel% NEQ 0 goto end
echo %date% %time% Import the certificate. >>%logpath%
for /F "delims=" %%f in (c:\scripts\logs\cert_name.log) do certutil -f -user -p "Aso!" -importpfx c:\websys\EdgeClient\%%f >>%logpath% 2>&1

rem Delete verify files
echo %date% %time% Delete verified files. >>%logpath%
del /f c:\scripts\logs\cert_name.log >>%logpath% 2>&1


Skumar_CCSAAuthor Commented:
Still have the same issue...
Do you have any suggestion which can make it easier...
All I need is that when the user logs in.. the script should import the cert from IE personal certificate store to local drive c:\
Thanks for the help.
Skumar_CCSAAuthor Commented:
I want to import (install) the client cert on every logon event.
c:\cert is the certificate location.
Whenever the user logs on it will install and overwrite the certificate..
Please help..
Is this a single certificate or multiple certificates ?

Will the filename always be known or will we have to search for it ?
Skumar_CCSAAuthor Commented:
Single file name....
The computer host name and certificate will be the same...
Skumar_CCSAAuthor Commented:
found the issue with cert names.
Question has a verified solution.
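
The setup the thread ends on (one PFX in c:\cert, named after the computer, imported into the current user's Personal store at every logon) as an added example; it is not a script posted by anyone in the thread. The `.pfx` extension, the log location and the `PFX_PASSWORD` value are assumptions, and the `NoExport` modifier is an addition that marks the imported private key as non-exportable.

```batch
@echo off
rem Added example, not from the thread.
rem Assumptions: the PFX is C:\cert\<COMPUTERNAME>.pfx, the log goes to
rem the user's %TEMP%, and PFX_PASSWORD is a placeholder to replace.
setlocal
set "PFX=C:\cert\%COMPUTERNAME%.pfx"
set "LOG=%TEMP%\cert_import.log"
set "PFX_PASSWORD=CHANGE_ME"

rem Stop early if the expected file is missing, so a name mismatch
rem shows up in the log instead of as a certutil error.
if not exist "%PFX%" (
    echo %date% %time% PFX not found: %PFX% >>"%LOG%"
    exit /b 2
)

rem -user   : import into the current user's store
rem -f      : overwrite an existing copy of the certificate
rem NoExport: the private key cannot be exported again after import
echo %date% %time% Importing %PFX% >>"%LOG%"
certutil -f -user -p "%PFX_PASSWORD%" -importpfx "%PFX%" NoExport >>"%LOG%" 2>&1
if errorlevel 1 (
    echo %date% %time% Import failed, certutil exit code %errorlevel% >>"%LOG%"
    exit /b 1
)

rem List the user's Personal store so the log shows what is installed.
certutil -user -store My >>"%LOG%" 2>&1
echo %date% %time% Import finished >>"%LOG%"
endlocal
exit /b 0
```

Anyone who can read this script or c:\cert can read the PFX password and copy the private key, so restrict the ACLs on both to the accounts that need them.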
