Add certificate to Trusted Publisher programmatically

Question

I have a usb driver which is signed. I also have the certificate provided by the publisher. If I try to install the driver with pnputil

pnputil /add-driver CerttName.cer /install

I'm asked if I want to add the publisher to Trusted Publishers.

To avoid it I tried to add the certificate to Trusted Publishers programmatically

string file = @"C:\Certificates\CertName.cer";
X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(file)));
store.Close();

The certificate has been added but I'm still prompted by pnputil to add the publisher to Trusted Publishers.

If I use certutil

certutil -addstore "TrustedPublisher" CertName.cer

then I'm not prompted by pnputil.

I also tried to import the certificate manually from certmgr.msc but it also didn't work.

I don't understand why only certutil works and other ways (specially X509Store) not.

score 5 · Accepted Answer · answered Nov 01 '19 at 08:47

5

The problem is that you are installing the certificate in CurrentUser store, while it must be presented in LocalMachine store. Certutil defaults to local machine.

X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);

answered Nov 01 '19 at 08:47

Crypt32

12,850
2
41
70

If I use certutil I see the certificate in CurrentUser. – user2250152 Nov 01 '19 at 08:51
1

Because it is propagated from `LocalMachine`. – Crypt32 Nov 01 '19 at 08:52

Add certificate to Trusted Publisher programmatically

1 Answers1