JSI Tip 9527. How can I add a certificate to the Trusted Root Certification Authorities in LocalMachine from the command-line?

To add a certificate to the Trusted Root Certification Authorities in LocalMachine from the command-line, you must:

1. Download the codesigningx86.exe package from the Microsoft Download Center.

2. Right-click codesigningx86.exe and extract the files.

3. Copy the CertMgr.exe program to a location in your path.

Once CertMgr.exe is available:

1. Open CMD.EXE window.

2. Type the following command and press Enter:

certmgr.exe -add -c "" -s -r localMachine root

Where is the fully qualified path to the certificate file.

When you type CertMgr.exe /?, you see:

Usage: CertMgr [options][-s [-r ][SourceStoreName]                        [-s [-r ][DestinationStoreName]Options: -add               Add certificates/CRLs/CTLs to a storeFile or a system store -del               Delete certificates/CRLs/CTLs from a storeFile or                    a system store -put               Put an encoded certificate/CRL/CTL from a storeFile or                    a system store to a file.  The file will be saved in X.509                    format. -7 can be used to save the file in PKCS#7 format -s                 Indicate the store is a system store -r       The system store location                         Default to 'currentUser' -c                 Certificates in the store -crl               Certificates revocation lists(CRLs) in the store -ctl               Certificates trust lists(CTLs) in the store -v                 Verbose display of the certificates/CRLs/CTLs -all               All certificates/CRLs/CTLs in the store -n           Common name of the certificate -sha1  The sha1 hash of the certificate/CRLs/CTLs -7                 Save the destination store in PKCS# 7 format -e         Certificate/CRL/CTL encoding type.                    Default to X509_ASN_ENCODING -f           CertStore open flags.  Meaningful only if -y is set -y       CertStore provider name