How to import a certificate into the Local COMPUTER’s store


If your .CER certificate contains a private key, you can only import it through the MMC
Neither the certutil nor the Import-Certificate cmdlet keeps the private key during
the import process.
The Import-PfxCertificate cmdlet keeps the private key, but it does not import .CER certificates.


Except for PFX files, if you want to import the private key with the
certificate, you have to import it on the computer from which you made the request. Otherwise, there is a protection
mechanism which removes the private key from the certificate.
Imagine, you make a request and a man in the middle is stealing or copying your certificate while it is transferred to
your computer…

Import the certificate with Certutil

The following command line assumes that you are already inside the folder containing the certificate. Otherwise,
provide the path to the certificate file.

certutil -addstore -f "My" "MyCertificate.cer"

The key point here is that the -user parameter is not used. Without this parameter, the certificate is
imported into the Local Computer‘s store instead of the Local User‘s store.

Import the certificate with Powershell

Import a .CER certificate#fn-2209-1

Import-Certificate -FilePath .\Certificate.cer -CertStoreLocation Cert:\LocalMachine\My

Import a .PFX certificate

Import-PfxCertificate -FilePath .\Certificate.cer -CertStoreLocation Cert:\LocalMachine\My

Import a certificate through the console

  1. In a command line type certlm1
  2. Expand Certificates – Current User \ Personal \ Certificates (if this folder already exists)
  3. Right-click the Personal folder, select All tasks and Import…
    Current User Personal Certificates folder
  4. Type the file name or click Browse and select the certificate you want to import.
  5. Select Place all certificates in the following store and use Personal as
    Certificate store.
    Select the personal store

More about

(Microsoft Technet)

  1. For operating systems older than Windows Server 2012 or Windows 8, type mmc
    in a command line and add the Certificates snap-in as a computer

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s