
I am trying to install a certificate provided by mitmproxy.org via PowerShell and Windows is not saving the certificate in the correct location.

Commands I tried to run:

```powershell
Get-ChildItem -Path c:\mitmproxy-ca-cert.p12 | Import-PfxCertificate -CertStoreLocation cert:\LocalMachine\Root
```

Instead of inserting a cert into Trusted Root Certification Authorities, it put it in Intermediate Certification Authorities.

```powershell
Get-ChildItem -Path c:\mitmproxy-ca-cert.p12 | Import-PfxCertificate -CertStoreLocation cert:\CurrentUser\Root
```

Did the same as the first command.

Even setting the working location to `PS Cert:\localmachine\Root>` did not manage to import into the Root location.

```powershell
Get-ChildItem -Path c:\mitmproxy-ca-cert.p12 | Import-PfxCertificate -CertStoreLocation .
```

There are no errors, all commands ran their course. I ran them with admin privileges.

Manually left-clicking on the mitmproxy-ca-cert.p12, however, does start an import GUI that successfully imports it into the Root location. Why is the PowerShell not working though?

Following mitmproxy.org's own guide for command-line installation is of no use because it simply doesn't work:

How to install on Windows (Automated)

```
certutil.exe -importpfx Root mitmproxy-ca-cert.p12
```

```
C:\>certutil -importpfx Root mitmproxy-ca-cert.p12
Enter PFX password:
CertUtil: -importPFX command FAILED: 0x80092007 (-2146885625 CRYPT_E_SELF_SIGNED)
CertUtil: The specified certificate is self signed.
```

Can anyone shed some light on what is going on here? Thank you.

miyagisan
  • You have multiple certificates in the 'Pfx'? I don't think it is possible now. I have the same question here: `https://superuser.com/questions/1471833/how-i-make-the-publisher-certificate-to-be-installed-into-trusted-publishers-b`. – Marian Aug 28 '19 at 13:51
  • To double-check the store is correct, open the GUI and find a certificate that's only in the Trusted Root folder. Copy the thumbprint (without spaces) and run the command: `dir -Path cert:\ -Recurse | Where {$_.Thumbprint -eq "thumbprintwithoutspaces"}` – Scepticalist Aug 28 '19 at 13:59
  • You need another method for that. I know the Pfx file does not save the certificates' path. Check the answers. – Marian Aug 28 '19 at 14:37

1 Answer


I made a script for you; tell me if you don't understand.

```powershell
$in_cert = "C:\Users\Marian\Desktop\Pfx Certificate.pfx";
# Prompt for the PFX password without echoing it:
$password = Read-Host -AsSecureString;

# Read the pfx certificate data (nothing is written to a store yet):
$pfx = (Get-PfxData -FilePath $in_cert -Password $password -ErrorAction Stop);

# Get the root and publisher certificate:
$root = $pfx.OtherCertificates[0];
$publisher = $pfx.EndEntityCertificates[0];

# Add the root to the Trusted Root store of the current user:
$rootStore = Get-Item "Cert:\CurrentUser\Root";
$rootStore.Open('ReadWrite');
$rootStore.Add($root);
$rootStore.Close();

# Add the publisher to the Trusted Publishers store of the current user:
$publisherStore = Get-Item "Cert:\CurrentUser\TrustedPublisher";
$publisherStore.Open('ReadWrite');
$publisherStore.Add($publisher);
$publisherStore.Close();

Pause;
```

I posted to my post too: My Post

Marian
  • Many thanks, that worked. May I also email you with just one followup on this topic if you are willing to post a public email address here? – miyagisan Aug 28 '19 at 15:13
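
The following is an added example, not part of the original answer or of mitmproxy's documentation. It combines the answer's explicit store write with the thumbprint check suggested in the comments: every self-issued certificate in the PFX is added to the chosen Root store as a public certificate only, and the stores that hold its thumbprint are listed afterwards. The function name `Install-PfxRootCertificate` and its parameters are hypothetical, and the subject-equals-issuer comparison is a simple heuristic for "self-signed".

```powershell
# Added example: hypothetical helper, not code from the original page.
function Install-PfxRootCertificate {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [ValidateSet('CurrentUser', 'LocalMachine')] [string] $Location = 'CurrentUser',
        [securestring] $Password
    )

    # Get-PfxData only parses the file; nothing is written to any store yet.
    $pfxArgs = @{ FilePath = $PfxPath; ErrorAction = 'Stop' }
    if ($PSBoundParameters.ContainsKey('Password')) { $pfxArgs.Password = $Password }
    $pfx = Get-PfxData @pfxArgs

    # Open the Root store explicitly, as the answer does, instead of letting
    # an import cmdlet choose the destination store.
    $store = Get-Item "Cert:\$Location\Root"
    $store.Open('ReadWrite')   # LocalMachine requires an elevated session
    try {
        foreach ($cert in @($pfx.EndEntityCertificates) + @($pfx.OtherCertificates)) {
            # Heuristic: only a self-issued certificate is a root candidate.
            if ($cert.Subject -ne $cert.Issuer) {
                Write-Warning "Skipping '$($cert.Subject)': not self-issued"
                continue
            }

            # Rebuild from RawData so that only the public certificate is
            # stored; a trust anchor never needs the CA private key.
            $public = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert.RawData)
            $store.Add($public)

            # Thumbprint check from the comments: list every store that now
            # contains this certificate.
            Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
                Where-Object { $_.Thumbprint -eq $public.Thumbprint } |
                Select-Object Thumbprint, Subject, PSParentPath
        }
    }
    finally {
        $store.Close()
    }
}

# Usage with the path from the question:
# Install-PfxRootCertificate -PfxPath 'c:\mitmproxy-ca-cert.p12' -Location LocalMachine
```

The `PSParentPath` column in the output shows whether the certificate is in `Root` or also in another store such as `CA` (Intermediate Certification Authorities).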