IMPORTANT NOTE I
If your .CER certificate contains a private key, you can only import it through the MMC console.
Neither the certutil nor the Import-Certificate cmdlet keeps the private key during the import process.
The Import-PfxCertificate cmdlet keeps the private key, but it does not import .CER certificates.
IMPORTANT NOTE II
Except for PFX files, if you want to import the private key with the certificate, you have to import it on the computer from which you made the request. Otherwise, there is a protection mechanism which removes the private key from the certificate.
Imagine, you make a request and a man in the middle is stealing or copying your certificate while it is transferred to your computer…
Import the certificate with Certutil
The following command line assumes that you are already inside the folder containing the certificate. Otherwise, provide the path to the certificate file.
certutil -addstore -f "My" "MyCertificate.cer"
The key point here is that the -user parameter is not used. Without this parameter, the certificate is imported into the Local Computer‘s store instead of the Local User‘s store.
Import the certificate with Powershell
Import a .CER certificate
Import-Certificate -FilePath .\Certificate.cer -CertStoreLocation Cert:\LocalMachine\My
Import a .PFX certificate
Import-PfxCertificate -FilePath .\Certificate.cer -CertStoreLocation Cert:\LocalMachine\My
Import a certificate through the console
- In a command line type certlm1
- Expand Certificates – Current User \ Personal \ Certificates (if this folder already exists)
- Right-click the Personal folder, select All tasks and Import…
- Type the file name or click Browse and select the certificate you want to import.
- Select Place all certificates in the following store and use Personal as Certificate store.
- For operating systems older than Windows Server 2012 or Windows 8, type mmc in a command line and add the Certificates snap-in as a computer account. ↩