Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding PowerShell & .ps1 Import pfx file into particular certificate store from command line

Thread Rating:
  • 583 Vote(s) - 3.47 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
Import pfx file into particular certificate store from command line

Offline clobbers676305


Member
*
Member
Posts: 0
Threads: 0
Joined: Feb 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-21-2023, 11:07 AM
It's relatively easy to import a certificate into the user's personal store from a pfx file by using CertUtil:

certutil –f –p [certificate_password] –importpfx C:\[certificate_path_and_name].pfx

But this ends up in the Personal Store of the current user. I need it in TrustedPeople on LocalMachine.

Is there any way I can do this from the command line, either by calling different arguments on certutil importpfx, using another certutil command or a different utility? Powershell is another possibility, although I don't know much about it.

Cheers,
Matt
Reply

Offline thuyzpjdz


Member
*
Member
Posts: 0
Threads: 0
Joined: Feb 2017
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-21-2023, 11:13 AM
Check these links:

[To see links please register here]


Import-Certificate:

[To see links please register here]


You can do something like:

dir -Path C:\Certs -Filter *.cer | Import-Certificate -CertFile $_ -StoreNames AuthRoot, Root -LocalMachine -Verbose
Reply

Offline Lonneke157092


Member
*
Member
Posts: 0
Threads: 0
Joined: May 2017
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
07-21-2023, 11:19 AM
Here is the complete code, import pfx, add iis website, add ssl binding:

$SiteName = "MySite"
$HostName = "localhost"
$CertificatePassword = '1234'
$SiteFolder = Join-Path -Path 'C:\inetpub\wwwroot' -ChildPath $SiteName
$certPath = 'c:\cert.pfx'


Write-Host 'Import pfx certificate' $certPath
$certRootStore = “LocalMachine”
$certStore = "My"
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($certPath,$CertificatePassword,"Exportable,PersistKeySet")
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
$store.Open('ReadWrite')
$store.Add($pfx)
$store.Close()
$certThumbprint = $pfx.Thumbprint


Write-Host 'Add website' $SiteName
New-WebSite -Name $SiteName -PhysicalPath $SiteFolder -Force
$IISSite = "IIS:\Sites\$SiteName"
Set-ItemProperty $IISSite -name Bindings -value @{protocol="https";bindingInformation="*:443:$HostName"}
if($applicationPool) { Set-ItemProperty $IISSite -name ApplicationPool -value $IISApplicationPool }


Write-Host 'Bind certificate with Thumbprint' $certThumbprint
$obj = get-webconfiguration "//sites/site[@name='$SiteName']"
$binding = $obj.bindings.Collection[0]
$method = $binding.Methods["AddSslCertificate"]
$methodInstance = $method.CreateInstance()
$methodInstance.Input.SetAttributeValue("certificateHash", $certThumbprint)
$methodInstance.Input.SetAttributeValue("certificateStoreName", $certStore)
$methodInstance.Execute()

Reply

Offline unsecret733890


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Feb 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#4
07-21-2023, 11:22 AM
With Windows 2012 R2 (Win 8.1) and up, you also have the "official" <a href="https://technet.microsoft.com/en-us/library/hh848625%28v=wps.630%29.aspx">Import-PfxCertificate cmdlet</a>

Here are some essential parts of code (an adaptable example):

Invoke-Command -ComputerName $Computer -ScriptBlock {
param(
[string] $CertFileName,
[string] $CertRootStore,
[string] $CertStore,
[string] $X509Flags,
$PfxPass)
$CertPath = "$Env:SystemRoot\$CertFileName"
$Pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
# Flags to send in are documented here:

[To see links please register here]

$Pfx.Import($CertPath, $PfxPass, $X509Flags) #"Exportable,PersistKeySet")
$Store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $CertStore, $CertRootStore
$Store.Open("MaxAllowed")
$Store.Add($Pfx)
if ($?)
{
"${Env:ComputerName}: Successfully added certificate."
}
else
{
"${Env:ComputerName}: Failed to add certificate! $($Error[0].ToString() -replace '[\r\n]+', ' ')"
}
$Store.Close()
Remove-Item -LiteralPath $CertPath
} -ArgumentList $TempCertFileName, $CertRootStore, $CertStore, $X509Flags, $Password

Based on mao47's code and some research, I wrote up a little article and a simple cmdlet for importing/pushing PFX certificates to remote computers.

<a href="http://www.powershelladmin.com/wiki/Import_PFX_certificates_on_remote_servers_%28PSv2-compatible%29">Here's</a> my article with more details and complete code that also works with PSv2 (default on Server 2008 R2 / Windows 7), so long as you have SMB enabled and administrative share access.
Reply

Offline baptizing659785


Member
*
Member
Posts: 0
Threads: 0
Joined: Feb 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#5
07-21-2023, 11:49 AM
In newer version of windows the Certuil has [CertificateStoreName] where we can give the store name. In earlier version windows this was not possible.

Installing *.pfx certificate:
certutil -f -p "" -enterprise -importpfx root "<Your *.PFX file >"

Installing *.cer certificate:
certutil -addstore -enterprise -f -v root "<Your *.CER file >"


For more details below command can be executed in windows cmd.
C:\>certutil -importpfx -?
Usage:
CertUtil [Options] -importPFX [CertificateStoreName] PFXFile [Modifiers]
Reply

Offline lure770


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Nov 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#6
07-21-2023, 12:15 PM
Anchoring my findings here for future readers.

Import certificate to Trusted Root Certification Authorities on Local Machine:

CERTUTIL -addstore -enterprise -f -v root "somCertificat.cer"

Import pfx to Personal on local machine

CERTUTIL -f -p somePassword -importpfx "somePfx.pfx"

Import pfx to Trusted People on local machine - [Link][1] to importpfx.exe

importpfx.exe -f "somePfx.pfx" -p "somePassword" -t MACHINE -s "TRUSTEDPEOPLE"

Import certificate to Trusted People on local machine

Certutil -addstore -f "TRUSTEDPEOPLE" "someCertificate.cer"

[1]:

[To see links please register here]

Reply

Offline wandlike643587


Member
*
Member
Posts: 0
Threads: 0
Joined: Oct 2017
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#7
07-21-2023, 12:38 PM
To anyone else looking for this, I wasn't able to use `certutil -importpfx` into a specific store, and I didn't want to download the importpfx tool supplied by jaspernygaard's answer in order to avoid the requirement of copying the file to a large number of servers. I ended up finding my answer in a powershell script shown [here][1].

The code uses `System.Security.Cryptography.X509Certificates` to import the certificate and then moves it into the desired store:

function Import-PfxCertificate {

param([String]$certPath,[String]$certRootStore = "localmachine",[String]$certStore = "My",$pfxPass = $null)
$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2

if ($pfxPass -eq $null)
{
$pfxPass = read-host "Password" -assecurestring
}

$pfx.import($certPath,$pfxPass,"Exportable,PersistKeySet")

$store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
$store.open("MaxAllowed")
$store.add($pfx)
$store.close()
}


[1]:

[To see links please register here]

Reply

Offline fireflood742847


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Dec 2022
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#8
07-21-2023, 12:57 PM
For Windows 10:

Import certificate to Trusted Root Certification Authorities for Current User:

certutil -f -user -p certPassword -importpfx root "example.pfx"

Import certificate to Trusted People for Current User:

certutil -f -user -p certPassword -importpfx TrustedPeople "example.pfx"

Import certificate to Trusted Root Certification Authorities on Local Machine:

certutil -f -user -p certPassword -enterprise -importpfx root "example.pfx"

Import certificate to Trusted People on Local Machine:

certutil -f -user -p certPassword -enterprise -importpfx TrustedPeople "example.pfx"
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through