Author Posts

July 29, 2016 at 1:06 am

I want to import a .pfx file in an automated way. I am getting a pop up when I run two scripts. I need only one of them to work with no popups.

From PowerShell I tried two different scripts when I opened PowerShell as administrator. Here they are:

#1 script
$pp = C:\foo\bar.pfx
certutil -addstore "CA" -f -user -p 'PASSWORD' -importpfx $pp NoRoot

#I doubt NoRoot was needed. I tried the above with NoRoot and the behavior was the same.

#2 script
# I am not showing how I got a password into a SecureString. But here is the main part of the code:
$pp = C:\foo\bar.pfx
Import-PfxCertificate -FilePath $pp Cert:\CurrentUser\My -Password $secretp

Both of these above scripts result in the "Certificate Import Wizard" popping up. I can manually change the "Store Location" in this pop up. I can click "Next" etc. I see the settings that were entered via the script. The problem is that I want to automate the process with no manual interaction. The GUI hurts the goal of automating importing the bar.pfx file.

I get around this problem I tried something completely different. I opened a cmd prompt as administrator. I tried these commands:

certmgr /add /c bar.pfx /s my
certmgr /add /c bar.pfx /s root

Both of the above commands open an MMC window. I can view certificates. I do not see that the commands completed. I tried the above with the /v flag. That provided no more information. Manually interacting with the MMC is not going to work for me.

I've now tried three distinct (certutil in PowerShell, Import-PfxCertificate in PowerShell, and certmgr in a command prompt) solutions. They all have failed. What can I do to import this pfx file using automation?

July 29, 2016 at 1:32 am

You're missing quotation marks around the path to your PFX file in both versions of the script. Most of the time this would just give you an error, but by a stroke of luck, windows knows how to "execute" a .pfx file, so it just launches the import wizard before you ever get to your calls to certutil or Import-PfxCertificate.

# this:
$pp = C:\foo\bar.pfx

# should be this:
$pp = 'C:\foo\bar.pfx'