Microsoft "certutil -addstore -f -user publisher ..." - Create a Store

Q

How to import a certificate from a certificate file into a new certificate store with Microsoft "certutil" tool?

✍: FYIcenter.com

A

If you want to import a certificate from a certificate file into a new certificate store, you can use the Microsoft "certutil -addstore -f storename file_name" command as shown in this tutorial:

C:\fyicenter>\windows\system32\certutil -addstore -user publisher facebook.pem
publisher
Cannot open existing Cert store.  Use -f switch to force Cert store creation.
CertUtil: -addstore command FAILED: 0x80070002 (WIN32: 2)
CertUtil: The system cannot find the file specified.

C:\fyicenter>\windows\system32\certutil -addstore -f -user publisher facebook.pem
publisher
Certificate "CN=*.facebook.com, O="Facebook, Inc.", L=Palo Alto, S=California, C
=US" added to store.
CertUtil: -addstore command completed successfully.

C:\fyicenter>\windows\system32\certutil -store -user publisher
publisher
================ Certificate 0 ================
Serial Number: 017f77deb3bcbb235d44ccc7dba62e72
Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, 
OU=VeriSign International Server CA - Class 3, OU=VeriSign, Inc., 
O=VeriSign Trust Network
 NotBefore: 6/20/2012 7:00 PM
 NotAfter: 12/31/2013 6:59 PM
Subject: CN=*.facebook.com, O=Facebook, Inc., L=Palo Alto, S=California, C=US
Non-root Certificate
Template:
Cert Hash(sha1): f5 6b f2 44 63 b0 bd 61 36 c5 e8 72 34 6b 32 04 28 ff 4d 7c
No key provider information
Cannot find the certificate and private key for decryption.
CertUtil: -store command completed successfully.

As you can see from the output, the command works successfully:

  • The first test without using "-f" option failed, because "publisher" is a new certificate.
  • "-addstore" option indicates the specified certificate file to be added to a certificate store.
  • "-f" option indicates a new certifcate store is to be created, if the speficified store doesn't exist.
  • "-user my" option specifies "my" certificate store in the "Current User" store location to be used.
  • "facebook.pem" option specifies the certificate file that contains the certificate to be imported.

2013-03-05, 11110👍, 0💬