How can I install a certificate on a remote machine with cmd (psexec)

Question

I'm trying to install a certificate using cmd on a remote machine. Before you suggest PS please keep in mind I can't use PS since the remote machine is some custom Windows which doesn't have it.
So for everything I am doing remotely I use psexec.

I made a bat file which will use certutil to add certificates to designated stores but I am unsure on how to copy them there push them to store and then remove the files after that. One think to note is that for the remote machine I am logging into I need to use a local account.

Does anyone here have any suggestions?

score 0 · Answer 1 · answered Apr 06 '22 at 09:23

You could transmit the certificates as base64 encoded text over the command line:

REM Convert binary to base64
certutil.exe -encode -f ".\certificate.cer" ".\tmp.b64"

REM Read base64 into variable
SET BASE64CERT=type .\tmp.b64

REM Run commands on remote computer
psexec.exe \\REMOTECOMPUTER "echo %BASE64CERT%> 'c:\Windows\temp\certificate.cer' && certutil.exe -addstore -f 'MY' 'c:\Windows\temp\certificate.cer' ** del 'c:\Windows\temp\certificate.cer'

How can I install a certificate on a remote machine with cmd (psexec)

1 Answers1