Solved

certificate import

Posted on 2014-02-17
Last Modified: 2014-02-20
Hi,

I need help.
I want to know whether it is possible to import a certificate through a script.
The certificate store is Personal, with private key.
I have tried a few steps but it did not work; it is giving me an error.

Regards,
skumar.
0
Comment
Question by:Skumar_CCSA
12 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39866701
You can probably do this through a two step process with certutil

 certutil -privatekey -p "password" -exportpfx subject c:\path-to-pfx\pfx-file.pfx
 certutil -f -p password -importpfx  c:\path-to-pfx\pfx-file.pfx

You can wrap that in any script you want.
0
 

Author Comment

by:Skumar_CCSA
ID: 39866714
Thank you so much.
The user will not have any access to do it,
so each time the user logs on, the exe/script file executes.
It will import the certificate and overwrite.
The target import folder will be c:\cert.
Can you please help me? I have been trying this for the last two days.
Nothing worked.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39866720
OK, so 2 questions:

1) Where is the original certificate being exported from?
2) You want to import this certificate to the user's certificate store?
0

 

Author Comment

by:Skumar_CCSA
ID: 39866728
The purpose of these certs is two-factor authentication.
Originally it is imported from the CA server through the CA web console.
The admin will install the client certificate during the laptop setup.

The certificate is stored in the Personal store.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39866741
The assumption is the script will be running under the current user's context:
You will have to simply add this to your script.

certutil -f -user -p [password] -importpfx c:\cert\pfx-file.pfx

-user indicates you are importing to the current user's store
0
 

Author Comment

by:Skumar_CCSA
ID: 39866748
Thanks.
Still not working.
I have attached the script to look at for troubleshooting.
Can you please let me know what mistake I am making?
cert.vbs
cert-import.cmd
0
 
LVL 29

Accepted Solution

by:
becraig earned 1500 total points
ID: 39866810
Ok so I am not sure what you are trying to do with this line ?

for /F "delims=" %%f in (c:\scripts\logs\cert_name.log) do set cert_name=%%f >>%logpath% 2>&1

Also I am expecting you should be looking for cert names instead of just:
cert.pfx  ?


If this is a single certificate import then there is no need for all that extra copy to log - read log - output directory listing to log etc.

I think what you are trying to do is as below:
set logpath="C:\scripts\logs\cert_import.log"
set logdir="C:\scripts\logs"
dir /b C:\websys\EdgeClient > c:\scripts\logs\cert_name.log
echo %date% %time% Verify the certificates. >>%logpath%
findstr /I %computername% c:\scripts\logs\cert_name.log >>%logpath% 2>&1
if %errorlevel% NEQ 0 goto end
echo %date% %time% Import the certificate. >>%logpath%
for /F "delims=" %%f in (c:\scripts\logs\cert_name.log) do certutil -f -user -p "Aso!" -importpfx c:\websys\EdgeClient\%%f  >>%logpath% 2>&1
:end

rem Delete verify files
echo %date% %time% Delete verified files. >>%logpath%
del /f c:\scripts\logs\cert_name.log >>%logpath% 2>&1

exit


0
 

Author Comment

by:Skumar_CCSA
ID: 39866873
I still have the same issue.
Do you have any suggestion which can make it easier?
All I need is that when the user logs in, the script should import the cert from the IE personal certificate store to local drive c:\
Thanks for the help.
0
 

Author Comment

by:Skumar_CCSA
ID: 39866943
Sorry.
I want to import (install) the client cert on every logon event.
c:\cert is the certificate location.
Whenever the user logs on, it will install and overwrite the certificate.
Please help.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39870740
Is this a single certificate or multiple certificates ?

Will the filename always be known or will we have to search for it ?
0
 

Author Comment

by:Skumar_CCSA
ID: 39872013
The file name is single.
The computer host name and the certificate will be the same.
0
 

Author Comment

by:Skumar_CCSA
ID: 39875667
Thanks.
Found the issue with the cert names.
0
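
A logon-time import script for the case the thread ends on (one PFX in c:\cert, named after the computer), written as an added example and not code posted by either participant. The .pfx extension, the log location under %TEMP% and the PFX_PASSWORD environment variable are assumptions; the check for the expected file name before calling certutil covers the kind of certificate-name mismatch the asker reported.

```bat
@echo off
setlocal
rem Added example: import a single PFX named after the computer at each logon.
rem Assumptions (not from the thread): the file is C:\cert\<COMPUTERNAME>.pfx,
rem the log goes to %TEMP%, and the PFX password arrives in PFX_PASSWORD.
rem The thread's scripts embed the password in the script text, where anyone
rem who can read the script can read it; a variable keeps it out of the file.

set "certfile=C:\cert\%COMPUTERNAME%.pfx"
set "logpath=%TEMP%\cert_import.log"

>>"%logpath%" echo %date% %time% Starting certificate import for %COMPUTERNAME%.

rem Fail early, with a clear log line, when the expected file name is absent.
if not exist "%certfile%" (
    >>"%logpath%" echo %date% %time% ERROR: "%certfile%" not found.
    exit /b 2
)

if not defined PFX_PASSWORD (
    >>"%logpath%" echo %date% %time% ERROR: PFX_PASSWORD is not set.
    exit /b 3
)

rem -f overwrites an existing copy; -user targets the current user's store.
certutil -f -user -p "%PFX_PASSWORD%" -importpfx "%certfile%" >>"%logpath%" 2>&1

rem certutil can return negative HRESULT values, so compare against 0
rem instead of using "if errorlevel 1", which only matches values >= 1.
if %errorlevel% neq 0 (
    >>"%logpath%" echo %date% %time% ERROR: certutil exited with %errorlevel%.
    exit /b 1
)

>>"%logpath%" echo %date% %time% Import succeeded.
exit /b 0
```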
