How to import a certificate into the Local COMPUTER’s store

IMPORTANT NOTE I

If your .CER certificate contains a private key, you can only import it through the MMC
console.
Neither the certutil nor the Import-Certificate cmdlet keeps the private key during
the import process.
The Import-PfxCertificate cmdlet keeps the private key, but it does not import .CER certificates.

IMPORTANT NOTE II

Except for PFX files, if you want to import the private key with the
certificate, you have to import it on the computer from which you made the request. Otherwise, there is a protection
mechanism which removes the private key from the certificate.
Imagine, you make a request and a man in the middle is stealing or copying your certificate while it is transferred to
your computer…

Import the certificate with Certutil

The following command line assumes that you are already inside the folder containing the certificate. Otherwise,
provide the path to the certificate file.

certutil -addstore -f "My" "MyCertificate.cer"

NOTE:
The key point here is that the -user parameter is not used. Without this parameter, the certificate is
imported into the Local Computer‘s store instead of the Local User‘s store.

Import the certificate with Powershell

Import a .CER certificate#fn-2209-1

Import-Certificate -FilePath .\Certificate.cer -CertStoreLocation Cert:\LocalMachine\My

Import a .PFX certificate

Import-PfxCertificate -FilePath .\Certificate.cer -CertStoreLocation Cert:\LocalMachine\My

Import a certificate through the console

  1. In a command line type certlm1
  2. Expand Certificates – Current User \ Personal \ Certificates (if this folder already exists)
  3. Right-click the Personal folder, select All tasks and Import…
    Current User Personal Certificates folder
  4. Type the file name or click Browse and select the certificate you want to import.
  5. Select Place all certificates in the following store and use Personal as
    Certificate store.
    Select the personal store

More about

Certutil
(Microsoft Technet)


  1. For operating systems older than Windows Server 2012 or Windows 8, type mmc
    in a command line and add the Certificates snap-in as a computer
    account. 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s