Deploy ONE Certificate to MANY user’s personal cert store


Using Group Policies, you can import Certificates of Root Authorities or other Trusted Certificates. It’s also possible to use auto enrollment to deploy Certificates to Users, if an internal enterprise CA is used to handle the requests. But you cannot deploy one single standalone Certificate with private key to many users.


This can only be done using a script, ran using GPO’s or in an existing login script – if there’s still one in place.


Use this command to import a PKCS#12 file (*.pfx or *.p12) into user’s Personal Certificate store.

certutil -importpfx -f -user -p "test" test.p12 NoRoot

Put your private key’s passwort after Parameter “-p”; in my example, the password was “test” and the PKCS#12 file is called test.p12.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s