Windows Server

Import certificates into Trusted Root and Personal certificate store

Trusted Root Certification Authorities certificate store is configured with a set of public CAs that have met the requirements of the Microsoft Root Certificate Program. Administrators can configure the default set of trusted CAs and install their own private CA for verifying software. In this article, I will sho you how to Import certificates into Trusted Root and Personal certificate store. Please see how to Change your root password: How to enable and disable the root user on your macOS. How to add languages to your Personal PC, how to Generate a self-signed SSL certificate: How to enable LDAP over SSL with a self-signed certificate. And how to fix there was an error opening the Trusted Platform Module snap-in: You do not have permission to open the Trusted Platform Module Console.

On how to create a certificate signing request, see the guide “create a certificate signing request using the MMC”. Be aware that all current user certificate stores except the Current User/Personal store inherit the contents of the local machine certificate stores. For example, if a certificate is added to the local machine Trusted Root Certification Authorities certificate store. All current user Trusted Root Certification Authorities certificate stores (with the above caveat) also contain the certificate.  

What is a Trusted Root CA store?

In a nutshell, the Trusted Root CA store is for root CA certificates you want to trust. You rarely want to put certificates here due to its security implementation and the Personal store is for certificates you want to trust. You will put your certificate here. Please see the following interesting related how-to articles on how to import a certificate into the Trusted Root and Personal file certificate store, and how to export a certificate in PFX format in Windows. You may also be interested in this guide: How to install and configure Active Directory Certificate Services.

Note: This can also be done via the command line. For what a PEM file is, see this link. On Windows, this can be achieved with the following steps below without using a 3rd party tool and there are different ways to accomplish this.

Import Certificates

Ensure the certificate that you would like to convert is first imported to the certificate store. In this way, you can export and save it in the desired format.

On the Welcome to Certificate Import Wizard, Click on Next as shown below.

Browse to the file you would like to import and click on Next

Note: Remember to select the wildcard file type, or else this might not work. Place the certificate in the Personal certificate store.

Complete the Certificate Import Wizard as shown below

If successfully imported, you will get a certificate Import Wizard Success.

Additional piece if you are interested

The certificate store is central to all certificate functionality. The certificates are managed in the store using functions with a "Cert" prefix. Certificates, CRLs, and CTLs can be kept and maintained in certificate stores. They can be retrieved from a store where they have been persisted for use in authentication processes.

Certificates in a certificate store are normally kept in some kind of permanent storage such as a disk file or the system registry. 

Certificate stores can also be created and opened strictly in memory. A memory store provides temporary certificate storage for working with certificates that do not need to be kept.

I hope you found this blog post helpful on how to Import certificates into Trusted Root and Personal certificate store. If you have any questions, please let me know in the comment session.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x