Importing a .cer
certificate with certutil
utility can't manage to match it with its private key although the certificate signing request was created on the same machine.
I'm using certreq
to generate the .csr
file used for getting this certificate and in the .inf
I have the Exportable = True
flag.
Doing the import manually through the mmc wizard works, but not when running the following command from the admin console.
certutil -addstore -f "My" "website_aps_production.cer"
Moreover after importing the certificate with certutil, looking in mmc I noticed the Friendly Name is reset (appears as None).
I already tried the repairstore mechanism after importing the certificate from cmd, but did not help.
certutil -repairstore my >cert_thumbprint<
UPDATE
I tried importing the certificate using certreq -accept -machine website_aps_production.cer
, but this is throwing an error: A certificate chain could not be built to a trusted root authority. 0x800b010a and there is an additional warning in the console A certificate issued by the certification authority cannot be installed. Contact your administrator.
As a workaround, I managed to automate the certificate import process using PowerShell.
Set-Location -Path cert:\LocalMachine\My
Import-Certificate -Filepath "C:\website_aps_production.cer"
This way, the certificate is imported in the local computer's store and matched with its corresponding private key which can be further exported.
A more convenient solution is, however, creating everything using openSSL and not using the certificate store at all. This way the privatekey is exported independently from the certificate.
openssl req -nodes -newkey rsa:2048 -keyout pvkey.key -out csr.csr -subj "/C=test/ST=test/L=test/O=test/OU=test/CN=test" -config "C:\openssl.cnf"
User contributions licensed under CC BY-SA 3.0