How can I add a certificate to a Windows service's certificate store from the command line?

1

I want to add a certificate to the certificate store belonging to a Windows service, from the command line. So far, the only thing I've found is:

certutil -service -store ADAM_Instance-Name\My

When I run it (logged on as myself, in a Command Prompt as Administrator) it returns:

ADAM_Instance-Name\My
CertUtil: -store command FAILED: 0x80070057 (WIN32: 87)
CertUtil: The parameter is incorrect.

I've tried wrapping the Service\Store name in double quotes (same result) and single quotes (same result) and using a forward slash or space instead of the backslash, both giving:

ADAM_Instance-Name\My
CertUtil: -store command FAILED: 0x80070002 (WIN32: 2)
CertUtil: The system cannot find the file specified.

Can anyone help with the syntax for this command, or help with an alternative method?

certificate
windows-service
ad-lds
adam
asked on Server Fault Jan 16, 2019 by user2871239

1 Answer

0

You can't import a certificate into someone's Personal (My) store. I'm not sure if "Run As..." will work, because this operation requires a user profile to be loaded. You may try to interactively log on under the service account (if possible) and import the certificate.

Alternatively, you can try to install the certificate in the LocalMachine\My store and grant private key read permissions to the service account.

answered on Server Fault Jan 16, 2019 by Crypt32 • edited Jan 17, 2019 by Crypt32
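The alternative described in the answer above (LocalMachine\My plus private key read permission for the service account), sketched in PowerShell as an added example that is not part of the original answer. The script parameters, the PFX path and the account name are placeholders, and an RSA key stored by a software key provider is assumed.

```powershell
#Requires -RunAsAdministrator
# Added example: import a PFX into LocalMachine\My and grant one account
# read-only access to the private key file. Parameter values are placeholders.
param(
    [Parameter(Mandatory)] [string] $PfxPath,        # e.g. C:\temp\service.pfx (constructed)
    [Parameter(Mandatory)] [string] $ServiceAccount  # e.g. 'NT AUTHORITY\NETWORK SERVICE' (constructed)
)
$ErrorActionPreference = 'Stop'

# Prompt for the PFX password so it never lands in shell history or a script file.
$password = Read-Host -AsSecureString -Prompt 'PFX password'
$cert = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation Cert:\LocalMachine\My -Password $password

# Resolve the on-disk name of the private key (assumes an RSA key).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) { throw "Certificate $($cert.Thumbprint) has no RSA private key." }

if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw "Unsupported private key type: $($rsa.GetType().FullName)"
}

# Machine keys live in one of these folders depending on the key provider (CNG or legacy CSP).
$keyFile = @(
    "$env:ProgramData\Microsoft\Crypto\Keys",
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
) | ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Private key file '$keyName' not found (hardware or non-default provider?)." }

# Grant Read only: the service needs to use the key, not to manage or delete it.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($ServiceAccount, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Show the resulting ACL so the grant can be reviewed.
"Thumbprint: $($cert.Thumbprint)"
(Get-Acl -LiteralPath $keyFile).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Review the printed ACL afterwards: the key file should list only SYSTEM, Administrators and the one service account, since any principal with read access there can use the private key.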

User contributions licensed under CC BY-SA 3.0