Import-PfxCertificate not saving certificate in designated System Store Location

Question

Import-PfxCertificate not saving certificate in designated System Store Location

I am trying to install a certificate provided by mitmproxy.org via powershell and windows is not saving the certificate in the correct location.

Commands I tried to run:

Get-ChildItem -Path c:\mitmproxy-ca-cert.p12 | Import-PfxCertificate -CertStoreLocation cert:\LocalMachine\Root Instead of inserting a cert into Trusted Root Certification Authorities, it put it in Intermediate Certification Authorities.

Get-ChildItem -Path c:\mitmproxy-ca-cert.p12 | Import-PfxCertificate -CertStoreLocation cert:\CurrentUser\Root Did the same as the first command.

Even setting the working location to PS Cert:\localmachine\Root> did not manage to import into the Root location. Get-ChildItem -Path c:\mitmproxy-ca-cert.p12 | Import-PfxCertificate -CertStoreLocation .

There are no errors, all commands ran their course. I ran them with admin privileges.

Manually left-clicking on the mitmproxy-ca-cert.p12 however does start an import GUI that successfully imports it into the Root location. Why is the powershell not working tho?

Following mitmproxy.org own guide for command-line installation is of no use because it simply doesn't work:

How to install on Windows (Automated)

certutil.exe -importpfx Root mitmproxy-ca-cert.p12

C:\>certutil -importpfx Root mitmproxy-ca-cert.p12
Enter PFX password:
CertUtil: -importPFX command FAILED: 0x80092007 (-2146885625 CRYPT_E_SELF_SIGNED)
CertUtil: The specified certificate is self signed.

Can anyone shed some light what is going on here? Thank you.

powershell

certificate

asked on Stack Overflow Aug 28, 2019 by

miyagisan

1 Answer

I make a script for you, tell me if you don't understand.

$in_cert = "C:\Users\Marian\Desktop\Pfx Certificate.pfx";
$password = Read-Host -AsSecureString;

# Read the pfx certificate data:
$pfx = (Get-PfxData -FilePath $in_cert -Password $password -ErrorAction Stop);

# Get the root and publisher certificate:
$root = $pfx.OtherCertificates[0];
$publisher = $pfx.EndEntityCertificates[0];

# Add the root:
$rootStore = Get-Item "Cert:\CurrentUser\Root";
$rootStore.Open('ReadWrite');
$rootStore.add($root);
$rootStore.close();

# Add the publisher:
$rootStore = Get-Item "Cert:\CurrentUser\TrustedPublisher";
$rootStore.Open('ReadWrite');
$rootStore.add($publisher);
$rootStore.close();

Pause;

I posted to my post too: My Post

answered on Stack Overflow Aug 28, 2019 by

Marian

User contributions licensed under CC BY-SA 3.0