Importing a .pfx or .p12 file to a remote certificate store is not supported

https ssl-certificate pfx mmc server-core
AllWorkNoPlay picture AllWorkNoPlay · May 30, 2013 · Viewed 12k times · Source

I try to use MMC with SnapIn Certificates(Remote Computer) to import a p12 certificate into the Personal Certificate Store of a remote Windows 2008 Server Core computer.

Certificate Import Wizard tells me: 'Importing a .pfx or .p12 file to a remote certificate store is not supported'

Is there an alternative way to do this?

Answer

AllWorkNoPlay picture AllWorkNoPlay · Jun 24, 2013

I found out that I can do everything with certutil and winhttpcertcfg like this:

1) add .p12 to Personal key store

 certutil -p P@ssword -importpfx cert.p12

2) add .cer certificate as trusted publisher

 certutil -addstore TrustedPublisher cert.cer

3) check which users have access to certificate

 winhttpcertcfg -c LOCAL_MACHINE\My -s certificate.name -l

3) grant access to certificate

 winhttpcertcfg -c LOCAL_MACHINE\My -s certificate.name -g -a [email protected]

Related questions

Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have a class that will download a file from a https server. When I run it, it returns a lot of errors. It seems that I have a problem with my certificate. Is it possible to ignore the client-server …

Read More
How to fix the "java.security.cert.CertificateException: No subject alternative names present" error?

I have a Java web service client, which consumes a web service via HTTPS. import javax.xml.ws.Service; @WebServiceClient(name = "ISomeService", targetNamespace = "http://tempuri.org/", wsdlLocation = "...") public class ISomeService extends Service { public ISomeService() { super(__getWsdlLocation(), ISOMESERVICE_QNAME); } When I …

Read More
Is it possible to have SSL certificate for IP address, not domain name?

I want my site to use URLs like http://192.0.2.2/... and https://192.0.2.2/... for static content to avoid unnecessary cookies in request AND avoid additional DNS request. Is there any way to obtain SSL cert for this purpose?

Read More