1

I'm trying to install a certificate into my windows 2008 but I'm not able to do it right.

I have a .crt file and I click to install from contextual menu. It succeed to import but if I browse the certificate store (personal -> local computer) it is not there.

I searched by thumbprint on all repositories and the cert is nowhere.

What's missing here?

StackOverflower
  • 257
  • 2
  • 6
  • 12

3 Answers3

4

You're installing the certificate into your user account's certificate store. Use the "Import" functionality inside the Certificates MMC snap-in, targeted at the computer, to import the certificate into the computer's certificate store.

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
  • Thanks, I did that at some point but it doesn't import the private key doing it like this. Not sure why. Or at least it seems to me that didn't do it (the cert icon on mmc doesn't show the "key" over the certificate) – StackOverflower Feb 13 '13 at 21:12
  • @TimmyO'Tool, the private key usually isn't included in the CRT file. Where do you generate the CSR from? – Zoredache Feb 13 '13 at 21:42
  • Honeslty I just got this certificate by email from a team member so I did nothing with it. Do you need to know the issuer? – StackOverflower Feb 14 '13 at 12:19
3

This is what you should do if you want to import a cert into the SYSTEM account certificate store:

  1. fire up MMC by executing mmc.exe
  2. choose File / Add/Remove Snap-in fom the menu
  3. select the "Certificates" snap-in to add and use the "Local computer" as the destination
  4. import the certificate using the wizard and make sure you are specifying the store and not letting the wizard decide

If you simply "import" the cert using Windows Explorer it will go into the current users' personal certificate store - where you probably do not want to see it.

See also http://technet.microsoft.com/en-US/library/cc754431.aspx

the-wabbit
  • 40,737
  • 13
  • 111
  • 174
  • Thanks, I did that at some point but it doesn't import the private key doing it like this. Not sure why. Or at least it seems to me that didn't do it (the cert icon on mmc doesn't show the "key" over the certificate) – StackOverflower Feb 14 '13 at 12:21
0

You have to import the certificate in the proper keystore. The wizard for the import has the option to chose the X509 certificates keystore.

You have to chose the proper keystore for your application.

What are you trying to import?

  • A host certificate for a CRQ you submited to be signed for your host
  • An exported keystore with a certificate and a private key
  • A root certificate of a not yet trusted certificate authority
  • A self signed host certificate
Mircea Vutcovici
  • 17,619
  • 4
  • 56
  • 83