Microsoft "certutil -addstore -f -user publisher ..." - Create a Store

Q

How to import a certificate from a certificate file into a new certificate store with Microsoft "certutil" tool?

✍: FYIcenter.com

A

If you want to import a certificate from a certificate file into a new certificate store, you can use the Microsoft "certutil -addstore -f storename file_name" command as shown in this tutorial: 

C:\fyicenter>\windows\system32\certutil -addstore -user publisher facebook.pem
publisher
Cannot open existing Cert store.  Use -f switch to force Cert store creation.
CertUtil: -addstore command FAILED: 0x80070002 (WIN32: 2)
CertUtil: The system cannot find the file specified.

C:\fyicenter>\windows\system32\certutil -addstore -f -user publisher facebook.pem
publisher
Certificate "CN=*.facebook.com, O="Facebook, Inc.", L=Palo Alto, S=California, C
=US" added to store.
CertUtil: -addstore command completed successfully.

C:\fyicenter>\windows\system32\certutil -store -user publisher
publisher
================ Certificate 0 ================
Serial Number: 017f77deb3bcbb235d44ccc7dba62e72
Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, 
OU=VeriSign International Server CA - Class 3, OU=VeriSign, Inc., 
O=VeriSign Trust Network
 NotBefore: 6/20/2012 7:00 PM
 NotAfter: 12/31/2013 6:59 PM
Subject: CN=*.facebook.com, O=Facebook, Inc., L=Palo Alto, S=California, C=US
Non-root Certificate
Template:
Cert Hash(sha1): f5 6b f2 44 63 b0 bd 61 36 c5 e8 72 34 6b 32 04 28 ff 4d 7c
No key provider information
Cannot find the certificate and private key for decryption.
CertUtil: -store command completed successfully.

As you can see from the output, the command works successfully:

  • The first test without using "-f" option failed, because "publisher" is a new certificate.
  • "-addstore" option indicates the specified certificate file to be added to a certificate store.
  • "-f" option indicates a new certifcate store is to be created, if the speficified store doesn't exist.
  • "-user my" option specifies "my" certificate store in the "Current User" store location to be used.
  • "facebook.pem" option specifies the certificate file that contains the certificate to be imported.

2013-03-05, 11110👍, 0💬

Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Mozilla CertUtil OpenSSL Other Portecle Public Private Key Publishers Revoked Certificates Root CA Tools Tutorial What Is Windows