Solved

certificate import

Posted on 2014-02-17
12
392 Views
Last Modified: 2014-02-20
hi,

need help,
i want to know is it possible to import certificate through script.
Certificate store is personal with private key.
I have tried few steps but it did not work, it giving me error.

Regards,
skumar.
0
Comment
Question by:Skumar_CCSA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39866701
You can probably do this through a two step process with certutil

 certutil -privatekey -p "pssword" -exportpfx subject c:\path-to-pfx\pfx-file.pfx
 certutil -f -p pssword -importpfx  c:\path-to-pfx\pfx-file.pfx

You can wrap that in any script you want.
0
 

Author Comment

by:Skumar_CCSA
ID: 39866714
thank you so much...
user will not have any access to do..
so each time when user log.. the exe/script file execute ..
it will import the certificate and overwrite..
target import folder will be c:\cert
can you please help me...i am trying this last two days...
nothing worked...
0
 
LVL 29

Expert Comment

by:becraig
ID: 39866720
ok so 2 questions:

1) where is the original certificate being exported from
2) You want to import this certificate to the user's certificate store  ?
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 

Author Comment

by:Skumar_CCSA
ID: 39866728
purpose of these cert for two factor authentication.
Originally is imported from the CA server througn CA web console
admin will install the client certificate during the laptop setup..

certificate is stored in Personal store.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39866741
The assumption is the script will be running under the current user's context:
You will have to simply add this to your script.

certutil -f -user -p [password] -importpfx c:\cert\pfx-file.pfx

-user indicates you are importing to the current user's store
0
 

Author Comment

by:Skumar_CCSA
ID: 39866748
thank...
still not working..
i have attached the script that look to troubleshoot....
can you please let me know what i am doing mistake....
cert.vbs
cert-import.cmd
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39866810
Ok so I am not sure what you are trying to do with this line ?

for /F "delims=" %%f in (c:\scripts\logs\cert_name.log) do set cert_name=%%f >>%logpath% 2>&1

Also I am expecting you should be looking for cert names instead of just:
cert.pfx  ?


If this is a single certificate import then there is no need for all that extra copy to log - read log - output directory listing to log etc.

I think what you are trying to do is as below:
set logpath="C:\scripts\logs\cert_import.log"
set logdir="C:\scripts\logs"
dir /b C:\websys\EdgeClient > c:\scripts\logs\cert_name.log
echo %date% %time% Verify the certificates. >>%logpath%
findstr /I %computername% c:\scripts\logs\cert_name.log >>%logpath% 2>&1
if %errorlevel% NEQ 0 goto end
echo %date% %time% Import the certificate. >>%logpath%
for /F "delims=" %%f in (c:\scripts\logs\cert_name.log) do certutil -f -user -p "Aso!" -importpfx c:\websys\EdgeClient\%%f  >>>>%logpath% 2>&1
:end

rem Delete verify files
echo %date% %time% Delete verified files. >>%logpath%
del /f c:\scripts\logs\cert_name.log >>%logpath% 2>&1

exit

Open in new window

0
 

Author Comment

by:Skumar_CCSA
ID: 39866873
still have same issue...
you any sugg which can make it easier ...
all i need when user login ..the script should import the cert from IE personal certificate store to local drive c:\
thanks to help.
0
 

Author Comment

by:Skumar_CCSA
ID: 39866943
sorry....
want to import (install) client cert every logon event.
c:\cert is the certificate location.
whenever user logon it will install and overwrite the certificate..
pls help..
0
 
LVL 29

Expert Comment

by:becraig
ID: 39870740
Is this a single certificate or multiple certificates ?

Weill the filename always be known or will we have to search for it ?
0
 

Author Comment

by:Skumar_CCSA
ID: 39872013
File name single....
Computer host name and certificate will be same...
0
 

Author Comment

by:Skumar_CCSA
ID: 39875667
thanks.....
found the issue with cert names.
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question