I need to setup a deployment script that imports an SSL certificate that my service uses. I have tried importing with WinHttpCertCfg and with CertMgr to no avail.

Here are the command-line arguments I have tried to use with both:

winhttpcertcfg.exe -i <certname>.pfx -c LOCAL_MACHINE\My -p <password> -a <user service runs as>

and

CertMgr.exe -add -all -s -r localMachine -c <cert name> My

It seems from what I have investigated that CertMgr does not allow you to import certificates with a password, so I'd rather get winhttpcertcfg working.

When I run them I get the following output: WinHttpCertCfg:

Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

CertMgr:

CertMgr Succeeded

However, when I look into the local machine certificates in MMC, try to load them from my service, or list it out through winhttpcertcfg, or even looking at the registry in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates it is not found.

I have tried all of the following:

• If I install the cert manually (Through CertMgr.msc dialogs) it works.
• The user installing is running as administrator
• The user installing has full access on the certificate
• The tools print out an error when something is wrong (wrong password)
• Tried it in multiple machines (All of them server 2008 R2)

At this point I am officially out of ideas.

Thank you.