Deploy a Certificate by Using the Command Prompt

Applies To: Windows Server 2008

You can use this procedure to install a certificate into the certificate stores on a computer by using the CertMgr.exe command-line tool. The CertMgr command-line tool is part of the Windows Driver Kit (WDK). To access the WDK, see

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To deploy a certificate by using CertMgr.exe at a command prompt

  1. At a command prompt, type the following, and then press ENTER:

    certmgr.exe -add MyCert.cer -s -r localMachine trustedpublisher

    Value Description

    -add MyCert.cer

    Specifies that the certificate found in the file MyCert.cer is to be added to a certificate store.


    Specifies that the store is the computer certificate store.

    -r localMachine

    Specifies that the computer certificate store is found under the registry location HKEY_LOCAL_MACHINE.


    Specifies that the certificate is to be placed in the Trusted Publishers certificate store.

  2. If the certificate is self-signed, and cannot be traced back to a certificate that is in your Trusted Root Certification Authorities, then you must place a copy of your certificate in that store as well.

    certmgr.exe -add MyCert.cer -s -r localMachine root

    Value Description


    Specifies that the certificate is to be placed in the Trusted Root Certification Authorities certificate store.

Formatting legend

Format Meaning


Information that the user must supply


Elements that the user must type exactly as shown

Additional references