How to use command prompt to Import pfx certificate to Workgroup Computer

Hi,

When I was trying to install the SCCM native mode agent, it required a client certificate with a private key. I created the private key in PFX format.

I ran this command:

certutil -privatekey -exportpfx "SUBJECTNAME" "CertWithPrivateKey".pfx

Then I tried to import the certificate on my workgroup client XP machine.

I have tried a few ways to complete the import portion:

1) winhttpcertcfg -i "CertWithPrivateKey".pfx -c LOCAL_MACHINE\my -a "domain\Account Operators" -p password

or

winhttpcertcfg -i "CertWithPrivateKey".pfx -c LOCAL_MACHINE\my -a administrator -p password

2) certutil -importpfx cert.pfx (following http://social.technet.microsoft.com/Forums/en-US/winservercore/thread/5a613754-0a7f-4157-bc47-97e8b55a2878/)

But I still failed to import the certificate into the My cert store.

Can anyone help me and guide me on what I should do?

Thank you.

June 1st, 2012 3:13am

I have 2 XP test machines. One machine can run certutil -importpfx cert.pfx and successfully import the certificate. But the other machine fails to run the command. Any files/services to check/enable?
June 1st, 2012 7:23am

The command line I have used to import certs is certutil -p PFXPassword -importPFX ComputerName.pfx

With XP, the certutil.exe command was not included.  If it is not on the XP machine, find a machine running a 32 bit version of Windows Server 2003 and copy CERTUTIL.EXE and CERTADM.DLL from the System32 folder to the System32 folder on the client XP machine.

If the number of machines is large, this can be scripted.

June 2nd, 2012 2:31am

thanks, John.

Ya, it is working in my lab now :)

"certutil -p PFXPassword -importPFX ComputerName.pfx"

June 3rd, 2012 4:51pm

Hi, thank you, it was very helpful.

I did that with a script for a list of XP workgroup computers (all the computers with the same username and password) and it works great!

@ECHO OFF

REM For each computer in the list: map its C$ share, copy certutil.exe, certadm.dll and the PFX,
REM import the PFX on that computer with PsExec, then delete the PFX and remove the mapped drive.
for /f %%a in (\\domainName\netlogon\IstallCertRemote\ComputerList.txt) do (
    net use x: \\%%a\c$ /u:Username Password /persistent:no
    copy \\domainName\netlogon\IstallCertRemote\certutil.exe x:\windows\system32\
    copy \\domainName\netlogon\IstallCertRemote\certadm.dll x:\windows\system32\
    copy \\domainName\netlogon\IstallCertRemote\CertName.pfx x:\
    \\domainName\netlogon\IstallCertRemote\PsExec.exe \\%%a cmd /c c:\windows\system32\certutil -f -p certPass -importpfx c:\CertName.pfx
    del x:\CertName.pfx
    net use x: /delete
)

The script takes an IP from the list, maps a network drive (e.g. X:) with credentials, copies CertUtil.exe and certadm.dll to drive:\windows\system32\, copies the certificate to "c:\" (because it is a mapped drive, it copies it to X: in my case), installs the certificate, deletes it from C:\ (X:) and deletes the mapped drive.

Remember to save CertUtil.exe, Certadm.dll and certificate.pfx on a shared folder that has "Read" and "Read and execute" permission for "everyone".

March 18th, 2015 6:20pm
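
Added example, not part of any post above: a batch script run locally on one XP client as a local administrator. It checks for the two files the thread says must be copied from Server 2003, imports the PFX with the certutil command from the thread, deletes the local PFX copy, and lists the machine My store so the result can be confirmed. The script name, argument order and exit codes are assumptions.

```batch
@ECHO OFF
SETLOCAL
REM Usage (assumed): ImportPfx.cmd <local copy of the PFX> <PFX password>
SET "PFX=%~1"
SET "PFXPASS=%~2"
SET "CERTUTIL=%SystemRoot%\system32\certutil.exe"

IF "%PFX%"=="" GOTO usage
IF "%PFXPASS%"=="" GOTO usage

REM XP does not ship certutil; both files must already have been copied
REM from a 32-bit Windows Server 2003 machine.
IF NOT EXIST "%CERTUTIL%" (
    ECHO certutil.exe is missing from the System32 folder
    EXIT /B 2
)
IF NOT EXIST "%SystemRoot%\system32\certadm.dll" (
    ECHO certadm.dll is missing from the System32 folder
    EXIT /B 2
)
IF NOT EXIST "%PFX%" (
    ECHO PFX file not found: %PFX%
    EXIT /B 3
)

REM Import the certificate and its private key into the local machine store.
"%CERTUTIL%" -f -p "%PFXPASS%" -importpfx "%PFX%"
SET "RC=%ERRORLEVEL%"

REM The PFX holds the private key, so remove the local copy whether or not
REM the import succeeded (assumes the original stays on the source share).
DEL /F /Q "%PFX%"

IF NOT "%RC%"=="0" (
    ECHO Import failed, certutil exit code %RC%
    EXIT /B 1
)

REM List the local machine My store so the new certificate can be confirmed.
"%CERTUTIL%" -store My
EXIT /B 0

:usage
ECHO Usage: %~nx0 PfxFile PfxPassword
EXIT /B 64
```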
