Windows Server

How to import certificates into the Trusted Root and Personal file certificate store in Windows

Trusted Root Certification Authorities (CA) store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. Administrators can configure the default set of trusted CAs and install their own private CA for verifying software. Please see the following interesting related how-to articles on how to import a certificate into the Trusted Root and Personal file certificate store, how to request a certificate signing request in Windows using Microsoft Management Console, and how to export a certificate in PFX format in Windows. You may also be interested in this guide: How to install and configure Active Directory Certificate Services.

Note: Be aware that all current user certificate stores except the Current User/Personal store inherit the contents of the local machine certificate stores. For example, if a certificate is added to the local machine Trusted Root Certification Authorities certificate store, all current user Trusted Root Certification Authorities certificate stores (with the above caveat) also contain the certificate.

In a nutshell,
– Trusted Root CA store is for root CA certificates you want to trust. You rarely want to put certificates here due to its security implementation.
– Personal store is for certificates you want to trust. You will put your certificate here.

Note: This can also be done via the command line. For what a PEM file is, see this link.
– On windows, this can be achieved with the following steps below without using a 3rd party tool and there are different ways to accomplish this.

Ensure the certificate that you would like to convert is first imported to the certificate store. In this way, you can export and save it in the desired format.

– On the Welcome to certificate Import Wizard, Click on Next

– Browse to the file you would like to import and
– Click on Next

Note: Remember to select the wildcard file type, or else this might not work
– Place the certificate in the Personal certificate store.

– Complete the Certificate Import Wizard as shown below

If successfully imported, you will get a certificate Import Wizard Success.

Additional piece if you are interested
The certificate store is central to all certificate functionality. The certificates are managed in the store using functions with a "Cert" prefix. Certificates, CRLs, and CTLs can be kept and maintained in certificate stores. They can be retrieved from a store where they have been persisted for use in authentication processes.

Certificates in a certificate store are normally kept in some kind of permanent storage such as a disk file or the system registry. Certificate stores can also be created and opened strictly in memory. A memory store provides temporary certificate storage for working with certificates that do not need to be kept.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x