Windows Server

How to import a certificate into the Trusted Root and Personal file certificate store

Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. Administrators can configure the default set of trusted CAs and install their own private CA for verifying software. On how to create a certificate signing request, see the guide “create a certificate signing request using the MMC”. Be aware that all current user certificate stores except the Current User/Personal store inherit the contents of the local machine certificate stores. For example, if a certificate is added to the local machine Trusted Root Certification Authorities certificate store, all current user Trusted Root Certification Authorities certificate stores (with the above caveat) also contain the certificate.  

In a nutshell, the Trusted Root CA store is for root CA certificates you want to trust. You rarely want to put certificates here due to its security implementation and the Personal store is for certificates you want to trust. You will put your certificate here. Please see the following interesting related how-to articles on how to import a certificate into the Trusted Root and Personal file certificate store, and how to export a certificate in PFX format in Windows. You may also be interested in this guide: How to install and configure Active Directory Certificate Services.

Note: This can also be done via the command line. For what a PEM file is, see this link. On Windows, this can be achieved with the following steps below without using a 3rd party tool and there are different ways to accomplish this.

Ensure the certificate that you would like to convert is first imported to the certificate store. In this way, you can export and save it in the desired format.

– On the Welcome to certificate Import Wizard, Click on Next as shown below.

– Browse to the file you would like to import and
– Click on Next

Note: Remember to select the wildcard file type, or else this might not work
– Place the certificate in the Personal certificate store.

– Complete the Certificate Import Wizard as shown below

If successfully imported, you will get a certificate Import Wizard Success.

Additional piece if you are interested

The certificate store is central to all certificate functionality. The certificates are managed in the store using functions with a "Cert" prefix. Certificates, CRLs, and CTLs can be kept and maintained in certificate stores. They can be retrieved from a store where they have been persisted for use in authentication processes.

Certificates in a certificate store are normally kept in some kind of permanent storage such as a disk file or the system registry. Certificate stores can also be created and opened strictly in memory. A memory store provides temporary certificate storage for working with certificates that do not need to be kept.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x