WinBatch Tech Support Home

Database Search

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

TechHome

WinInet
plus

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

Installation of a Certificate


Question:

I need to automate the installation of a certificate to the current users local machine store. Does anyone know what would be the best method to do this that does not require GUI interaction?

Answer:

Install Microsoft Authenticode certificate

Now you need to install your certificate. The process to install the certificate depends on the certificate file type.

.PFX Certificate File

Windows 7 has a certificate installation wizard that can be invoked by simply double clicking on the .pfx file. Using the Wizard, installing a code signing certificate can be done in less than a minute.

.SPC and .PVK Certificate Files

In order to move your certificate and private key to the registry Microsoft has created a tool called PVKIMPRTt, which can be used to copy the .spc and .pvk files to the registry. Moving the certificate and private key to the registry allows you to sign your WinBatch exes.

Download the PVK Digital Certificate Files Importer:

[ Download PVKIMPRT ]

Please read the usage instructions after downloading pvkimprt from Microsoft.

The pvkimprt.exe file that you downloaded from Microsoft is a self-extracting archive which, when executed without any options, will install the real 'pvkimprt.exe' into a directory on your path.

Winbatch offers a script to handle the install and import for you. The InstallCodeSignCertificate.wbt located in your WinBatch\Samples subdirectory. Note: this script requires that you have already downloaded and installed the pvkimprt.exe from Microsoft.

[ Download InstallCodeSignCertificate.wbt ]

Otherwise you can use PVKIMPRT via the windows commandline. Go to the START|Run menu CMD.EXE then type:

 
C:\WINDOWS\PVKIMPRT.EXE -IMPORT "{SPC file path}" "{PVK file path}"

How do I know if the Certificate is installed?

You have a few options to determine whether or not a certificate has been successfully installed.

Using Certmgr.msc

CertMgr is a Microsoft Management Console (MMC) snap-in that Allows you to view and manage information about certificates, such as certificate contents and the certification path. It also allows you to specify the friendly name for a certificate.

Using Internet Explorer

  1. Launch Internet Explorer
  2. Select the 'Tools'|'Internet Options' menu.
  3. Select the 'Content' tab.
  4. Press the 'Certificates' button.
  5. Select the 'Personal' tab.

Give Certificate a Friendly Name

You can view and manage the root certificates on your computer by using either the InternetExplorer or Certmgr.msc. Locate your desired certificate under the Trusted Root Certification Authorities tab and click View and then the Details tab. Select the Friendly Name field and click Edit Properties. There you can change the Friendly Name.

See Also:

"CERTMGR" utility. You will have to copy the certificate to the local machine and import it using certmgr. This utility can be called from the script and has a bunch of command line switches which will accompish what you need. Shell out to a dos prompt and type "certmgr /?" for syntax.

Here's the way I used it.


certmgr -add -c mycert.cer -s -r localMachine root
See http://msdn.microsoft.com/en-us/library/e78byta0(VS.80).aspx
Article ID:   W16375
File Created: 2017:08:29:11:37:10
Last Updated: 2017:08:29:11:37:10