Web Certificate Store

Travis Laira 161 Reputation points
2022-09-12T06:25:55.38+00:00

Dear Team,

I have a bank that requires us to install a certificate on our individual workstation so that we are authorized to access their web portal.

However, when we tested, the certificate is only picked up when it is put in the Personal store. The issue is that, since I'm using Group Policy to mass deploy the certificate, Group Policy doesn't have the Personal store as an option to deploy the certificate; it has the other stores such as Trusted Root CA, Enterprise Root, etc.

Is there any other solution by which I can remotely deploy the certificate to the Personal stores of the computers in my company so that all users can access the web portal?

Grateful for your support.

Travis


Accepted answer
  1. Limitless Technology 39,916 Reputation points
    2022-09-12T20:01:40.297+00:00

    Hello

    Thank you for your question and for reaching out. I understand you have a query/issue related to importing a certificate into the Personal store.

    1. Place yourcerticate.pfx on a network share (e.g. %LOGONSERVER%\netlogon\certificates\yourcerticate.pfx).

    2. Create a .BAT file (import-certificate.bat) containing:

        certutil -f -user -p "CertificatePassword" -importpfx "%LOGONSERVER%\netlogon\certificates\yourcerticate.pfx"

    3. Create a .vbs script file named import-certificate-silently.vbs that will run the import-certificate.bat script silently:

        ' Launch import-certificate.bat through cmd.exe from the logon server share.
        Set oShell = CreateObject("WScript.Shell")
        Dim strArgs
        strArgs = "cmd /c %LOGONSERVER%\netlogon\certificates\import-certificate.bat"
        ' Window style 0 hides the console window; False means do not wait for the batch file to finish.
        oShell.Run strArgs, 0, False


    Reference :

    https://social.technet.microsoft.com/Forums/office/en-US/25ec4817-d631-444d-b7b7-9934f87e8093/deploying-computer-certificate-to-the-personal-computer-store-using-group-policy?forum=winserverGP


    1 person found this answer helpful.

1 additional answer

  1. Vadims Podāns 9,186 Reputation points MVP
    2022-09-13T11:18:15.423+00:00

    First of all, I would strongly NOT recommend the solution provided by @Limitless Technology, because it is extremely insecure. Anyone can steal the certificate and private key with all the unfortunate consequences.

    > The issue is since I'm using group policy to mass deploy the certificate

    This part is suspicious. If this is a client authentication certificate, then it must be installed only for the persons (most likely it is a very small group) who need access to your bank web site. All other persons should not have access to the bank account. To solve this task, you have to distribute the certificate and private key only to the target persons, with instructions on how to install it. There is no way to solve this particular task using group policies.

    1 person found this answer helpful.
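To check whether a deployment like the one this answer warns about already exists (a PFX and its password readable from a logon-script share), an administrator can audit the share. The following is an added example, not code from either answer: `Find-ExposedPfxDeployment` is a hypothetical function name, and the sample files are constructed so the script runs offline on a Windows machine.

```powershell
# Added example: audit a logon-script share for PFX files and for scripts
# that pass a PFX password to certutil on the command line.
# Find-ExposedPfxDeployment is a hypothetical name, not a built-in cmdlet.
function Find-ExposedPfxDeployment {
    param([Parameter(Mandatory)][string] $Path)

    $files = Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue

    # 1. Private-key containers stored on the share itself.
    $files | Where-Object { $_.Extension -in '.pfx', '.p12' } | ForEach-Object {
        [pscustomobject]@{
            Finding = 'KeyFileOnShare'; File = $_.FullName
            Line = $null; Detail = "$($_.Length) bytes"
        }
    }

    # 2. Scripts that call certutil -importpfx; flag an inline -p password.
    $files | Where-Object { $_.Extension -in '.bat', '.cmd', '.vbs', '.ps1' } |
        Select-String -Pattern 'certutil(\.exe)?\s.*[-/]importpfx' |
        ForEach-Object {
            $hasPassword = $_.Line -match '\s[-/]p\s+("[^"]*"|\S+)'
            [pscustomobject]@{
                Finding = if ($hasPassword) { 'InlinePfxPassword' } else { 'PfxImportInScript' }
                File    = $_.Path
                Line    = $_.LineNumber
                # Redact the password so the report itself does not leak it.
                Detail  = $_.Line.Trim() -replace '(\s[-/]p\s+)("[^"]*"|\S+)', '$1<redacted>'
            }
        }
}

# Constructed sample share (a stand-in for the real NETLOGON path).
$share = Join-Path ([IO.Path]::GetTempPath()) 'netlogon-sample'
$certs = Join-Path $share 'certificates'
New-Item -ItemType Directory -Path $certs -Force | Out-Null
Set-Content -Path (Join-Path $certs 'yourcerticate.pfx') -Value 'placeholder, not a real key'
Set-Content -Path (Join-Path $certs 'import-certificate.bat') -Value `
    'certutil -f -user -p "CertificatePassword" -importpfx "%LOGONSERVER%\netlogon\certificates\yourcerticate.pfx"'

# Expect one KeyFileOnShare finding and one InlinePfxPassword finding.
Find-ExposedPfxDeployment -Path $share | Format-Table -AutoSize -Wrap
```

Pointing `-Path` at the domain's own NETLOGON or SYSVOL path lists the key files and scripts that need to be removed from the share.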
