Adding Self Signed Certificate to trusted root certificate store using Command Line

Is there any way to add certificate to Local Computer's Trusted Root Certification Authority using command line? I tried using certmgr.exe, it shows success but when i check root CA, i don't see my certificate there.

I followed the guide here:

http://msdn.microsoft.com/en-us/library/ms172241.aspx

Basically trying this command:

certmgr.exe -add -c mycertificate.cer -s -r localMachine root

The command works and shows success on command line, but i can not see the certificate in actual trusted root store through mmc, Is it the procedure for self signed certificate is different? I have setup an IIS server with SSL Binding to this certificate which is originally placed in "MY" store. But im doing everything through autoamted scripts so i want to know how can i add this certificate to trusted root CA using cmd line option??


Did you try it manually (by double-clicking on the CER file)? If even manually it's not working, you might be encountering a Vista bug.

Install a Root CA certificate from the command line (cmd.exe)

(This requires the Windows SDK. Visual Studio will install it for you and add it to the %PATH%.)

certmgr /add /c mycertificate.cer /s /r localMachine root

Note that no errors will be reported; the command will always return success (even when using a non-existing file for the certificate!). If the certificate doesn't show up in the Certificate Manager (certmgr.msc) after running this command, repeat the process using the manual steps below to check if there is any error in your certificate file.

Manual steps to install a Root CA certificate

  1. Double-click on the .cer file.
  2. On the Certificate dialog box, click Install Certificate to start the Certificate Import Wizard.
  3. On the Welcome page, click Next.
  4. On the Certificate Store page, select Place all certificates in the following store and click Browse.
  5. In the Select Certificate Store dialog box, select Show Physical Stores.
  6. Double-click Trusted Root Certification Authorities, select Local Computer, and then click OK.
  7. On the Certificate Store page, click Next.
  8. On the summary page, review the details and click Finish.

Install a Root CA certificate from PowerShell

See @harrymc's great answer below.


The PowerShell command Import-Certificate can be used to import a certificate:

Import-Certificate -FilePath "C:\path\Cert.Cer" -CertStoreLocation cert:\CurrentUser\Root

To run it through the Command Prompt (or batch) you may run it as:

powershell "Import-Certificate -FilePath ^"C:\path\Cert.Cer^" -CertStoreLocation cert:\CurrentUser\Root"

Note above the use of the ^ escape character.

To list all available certificate stores, start a PowerShell session and enter:

dir cert:\\LocalMachine\