Deploy ONE Certificate to MANY users’ personal cert stores

Problem

Using Group Policies, you can import Certificates of Root Authorities or other Trusted Certificates. It’s also possible to use auto enrollment to deploy Certificates to Users, if an internal enterprise CA is used to handle the requests. But you cannot deploy one single standalone Certificate with private key to many users.

Solution

This can only be done using a script, run via GPOs or from an existing login script, if there’s still one in place.

Code

Use this command to import a PKCS#12 file (*.pfx or *.p12) into the user’s Personal Certificate store.

certutil -importpfx -f -user -p "test" test.p12 NoRoot

Put your private key’s password after the “-p” parameter; in my example, the password was “test” and the PKCS#12 file is called test.p12.
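
A logon-script wrapper around the command above, as an added example that is not part of the original post: it skips the import when the same certificate is already in the user's store and reports a failed import. The UNC path is a hypothetical placeholder; the password and file name are the ones from the post's example.

```powershell
# Added example: per-user logon script wrapping the certutil import shown above.
# Assumed value (not from the original post): the UNC path below.
$PfxPath     = '\\fileserver\deploy$\test.p12'   # hypothetical share
$PfxPassword = 'test'                            # password from the post's example

# The password sits in clear text in a script every targeted user can read,
# so the private key is only as protected as the ACL on the PKCS#12 file.
# Restrict the share to the group that is meant to receive the certificate.

if (-not (Test-Path -LiteralPath $PfxPath)) {
    Write-Warning "PKCS#12 file not reachable: $PfxPath"
    exit 1
}

# Read the thumbprint from the file so the script can tell whether
# this exact certificate is already in the user's Personal store.
$secure = ConvertTo-SecureString -String $PfxPassword -AsPlainText -Force
$pfx    = Get-PfxData -FilePath $PfxPath -Password $secure
$thumb  = $pfx.EndEntityCertificates[0].Thumbprint

$existing = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $thumb -and $_.HasPrivateKey }

if ($existing) {
    # Already imported at an earlier logon; nothing to do.
    exit 0
}

# Same command as in the post: -user targets the current user's store,
# NoRoot skips importing the root certificate from the PKCS#12 file.
certutil -importpfx -f -user -p $PfxPassword $PfxPath NoRoot | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "certutil -importpfx failed with exit code $LASTEXITCODE"
    exit $LASTEXITCODE
}
```

Get-PfxData is part of the PKI module on Windows 8.1 / Windows Server 2012 R2 and later.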
