So as part of the provisioning process, many companies will have their servers import and export certs. It shouldn’t matter if you use a third party CA or an Enterprise CA; these scripts simply create a CSR (“Request-NewCert”) and import the .cer file (“Import-Cert”).
Go to my gwSecurity section on GitHub and run the scripts for importing and exporting certificates.
Request-NewCert will create a CSR that you can run through a third party CA and get the .cer file to import.
Then you can run Import-Cert to import it to the Cert:\LocalMachine\My\ location.
If you want, you can also run the Show-ComputerCerts script to open an MMC file directly to your local machine certificates.
After importing, make sure that you see the lock icon next to the cert's name. This verifies you have both the public and private key for the cert.
- I have seen cases where certs didn’t import correctly. If that happens, just run:
- Get the SerialNumber from viewing the cert properties; make sure to remove any special characters or spaces
- Open an admin CMD prompt and type:
certutil -repairstore my 010101010100101
replacing the 01 sequence with your serial number.
certutil -repairstore my 43e5e29096b64fd91a03b44eb040283f
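The private-key check and the repair step above can be combined into one PowerShell function. This is an added example, not part of the gwSecurity scripts: Repair-CertPrivateKey is a hypothetical name, and the sample serial is the one from the command above, spaced the way the properties dialog shows it. Run it from an elevated PowerShell session.

```powershell
# Added example; Repair-CertPrivateKey is a hypothetical helper name.
function Repair-CertPrivateKey {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Serial number as copied from the certificate properties dialog.
        [Parameter(Mandatory)][string]$SerialNumber
    )

    # Drop spaces, colons and invisible characters (e.g. U+200E) that come
    # along with a copy/paste; only hex digits may remain.
    $serial = ($SerialNumber -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if (-not $serial) { throw 'No hex digits found in the serial number.' }

    # X509Certificate2.SerialNumber is an uppercase hex string, no separators.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.SerialNumber -eq $serial } |
        Select-Object -First 1
    if (-not $cert) {
        throw "No certificate with serial $serial in Cert:\LocalMachine\My."
    }

    if ($cert.HasPrivateKey) {
        Write-Output "$($cert.Subject): private key present, nothing to repair."
        return
    }

    # Same certutil command as above; supports -WhatIf for a dry run.
    if ($PSCmdlet.ShouldProcess($cert.Subject, "certutil -repairstore my $serial")) {
        & certutil.exe -repairstore my $serial
        if ($LASTEXITCODE -ne 0) { throw "certutil exited with code $LASTEXITCODE." }
    }

    # Re-read the store to confirm the key is now associated with the cert.
    $fixed = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.SerialNumber -eq $serial } |
        Select-Object -First 1
    Write-Output "$($fixed.Subject): HasPrivateKey = $($fixed.HasPrivateKey)"
}

# Serial from the example above, spaced as the properties dialog displays it.
Repair-CertPrivateKey -SerialNumber '43 e5 e2 90 96 b6 4f d9 1a 03 b4 4e b0 40 28 3f'
```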