如何导入pfx证书并为所有用户设置私钥权限

Question

I have self-signed pfx certificate, and machine with 2 users (A and B). I need to install the certificate using some command line tool and it should be available for all users.

In case user A installs the certificate manually in LocalMachine\\My or LocalMachine\\Root it is available only for user A because user B doesn't have private key permissions.

I tried

winhttpcertcfg.exe -i cert.pfx -p pass -a Everyone -c LOCAL_MACHINE\Root

but it doesn't help, certificate is available only for user that runs winhttpcertcfg.

I tried

winhttpcertcfg.exe -i cert.pfx -p pass -a Everyone -c LOCAL_MACHINE\My

but it installs the certificate in Root instead of My regardless -c parameter.

I tried

certutil -f -p pass -importpfx "cert.pfx"

but it doesn't help, certificate is available only for user that runs certutil.

In case My store the issue can be fixed manually:

• Right click on the certificate in Local Machine Cert Manager -> All Tasks -> Manage Private Keys
• Add users A and B and set necessary permissions.

But I need some automatic way that I will use while installing my applications.

Answer 1

To import certificate you can use this powershell command

Import-PfxCertificate -FilePath $certFilename cert:$certStoreLocation -Password $mypwd

and use this for managing permissions

How to Grant permission to user on Certificate private key using powershell?

Answer 2

Import-PfxCertificate has been giving me issues when trying to grant permissions to the private key. The returned certificate and the certificate object grabbed using the

cert:\LocalMachine\My 

both have null on the private key property.

I have to use a x509 certificate store and x509certifcate2 object to import the certificate and private key. Then I'm able to change the private key permissions in powershell