WinHttpCertCfg a Command Line Certificate Configuration Tool

Note: this entry has moved.

If you need a command-line tool that lets administrators, or developers building an automated deployment tool, import certificates and their private keys for use on client computers, WinHttpCertCfg comes in handy for the job.

What makes it an interesting choice for your deployment toolkit is that this rather obscure gem lets you install any PFX certificate (read: private key included) and assign the required ACL permissions on the private key to your process account, which typically would be the ASPNET account on Windows XP (and older systems) and the Network Service account on W2K2 or better. The best part is that it is fully scriptable: you just specify the right parameters.

Let’s see a quick example of WinHttpCertCfg.exe in action. The following command imports a certificate and private key from a PFX file and extends private key access to the Network Service account.

 

winhttpcertcfg -g -i "MyPfxcertificate.pfx" -c LOCAL_MACHINE\My -a "Network Service" -p pfxpassword

You may find more examples here and download the WinHttpCertCfg tool here.

The only drawback of this tool is that it handles the PFX certificate file format only. If you need to install a public-key-only certificate in a standard format such as .p7b or .crt, you will need another tool, such as the Certificate Manager tool (CertMgr.exe) that comes with the Microsoft .NET Framework SDK tools; its usage is very simple as well.

This example installs the MyCA root certificate to the Local Machine “Trusted Root Certification Authorities” store (Root).

 

certmgr -add -all -c "MyCA.p7b" -s -r localMachine Root

As you see, both tools come in handy whenever you need to build a deployment script or just assign the required permissions to a certificate private key file without the hassle of complicated APIs or obscure directory paths like “[Documents and Settings]\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys” and the like.
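
The two commands above combined into one deployment script, as an added example that is not part of the original post: it imports the PFX, lists the private key's access entries to confirm the grant, and then installs the CA bundle. The subject string, the reliance on non-zero exit codes, and the account names matched in the listing output are assumptions; run it from an elevated prompt with both tools on the PATH.

```powershell
# Added example, not from the original post. The subject string and the
# exit-code / output-format checks are assumptions; adjust for your environment.
param(
    [string]$PfxPath    = 'MyPfxcertificate.pfx',  # PFX name used in the post
    [string]$RootCaPath = 'MyCA.p7b',              # CA bundle name used in the post
    [string]$Subject    = 'MyCertificate',         # hypothetical subject string of the PFX certificate
    [string]$Account    = 'Network Service'
)
$ErrorActionPreference = 'Stop'

foreach ($file in $PfxPath, $RootCaPath) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { throw "Missing input file: $file" }
}

# Prompt for the PFX password instead of storing it in the script.
# winhttpcertcfg only accepts it via -p, so it is still visible in that
# process's command line while the import runs.
$secure = Read-Host -Prompt 'PFX password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    # Import the certificate and key, granting $Account access to the private key.
    & winhttpcertcfg -g -i $PfxPath -c 'LOCAL_MACHINE\My' -a $Account -p $plain
    if ($LASTEXITCODE -ne 0) { throw "winhttpcertcfg import failed (exit code $LASTEXITCODE)" }
}
finally {
    $plain = $null
}

# List accounts with private-key access and confirm the grant took effect.
$acl = & winhttpcertcfg -l -c 'LOCAL_MACHINE\My' -s $Subject | Out-String
if ($acl -notmatch [regex]::Escape($Account)) {
    throw "'$Account' is not listed for certificate '$Subject':`n$acl"
}
# Flag broader access than intended so it gets reviewed.
if ($acl -match 'Everyone|Authenticated Users|BUILTIN\\Users') {
    Write-Warning "Private key for '$Subject' is readable by a broad group:`n$acl"
}

# Install the CA certificate(s) into the machine's Trusted Root store.
& certmgr -add -all -c $RootCaPath -s -r localMachine Root
if ($LASTEXITCODE -ne 0) { throw "certmgr failed (exit code $LASTEXITCODE)" }

Write-Output "Deployed '$Subject'; private key access granted to '$Account'."
```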

 

This posting is provided "AS IS" with no warranties, and confers no rights.

 

Published Wednesday, February 09, 2005 11:32 AM by HernanDL

Comments

# re:WinHttpCertCfg a Command Line Certificate Configuration Tool

Sunday, April 10, 2005 7:13 AM by TrackBack
^_^,Pretty Good!
