Installing a certificate on VISTA

I have a need to install a certificate from an installation program.

I currently use a BAT file to install a certificate by issuing the following
lines

winhttpcertcfg.exe -i personal.pfx -c local_machine\My -a %computername%
certmgr.exe -add -c rootcert.cer -s -r localMachine root

This works on VISTA if I disable the UAC. However, it does not even prompt
for proper access if I have the UAC turned on. I have tried shelling the
command lines from an installation program, but it has the same problem.

How can I create a process with the proper credentials to install the
certificate? Are there APIs or .NET functions I could call to install the
certificate from my program without shelling to the Microsoft programs?

Can someone point me in the correct direction?

Vance

You need way to elevate the commands or batch file. Have you tried
runas.exe?

You can call .NET functions to import a cert. See the sample code on this
page:
http://msdn2.microsoft.com/en-us/lib...tificate2.aspx

The process needs to be elevated if you import anything to machine root
store.

Haitao Li

"Vance" <vtemeyer@yahoo.com> wrote in message
news:uBy4#q$XHHA.4940@TK2MSFTNGP05.phx.gbl...
>I have a need to install a certificate from an installation program.
>
> I currently use a BAT file to install a certificate by issuing the
> following lines
>
> winhttpcertcfg.exe -i personal.pfx -c local_machine\My -a %computername%
> certmgr.exe -add -c rootcert.cer -s -r localMachine root
>
> This works on VISTA if I disable the UAC. However, it does not even
> prompt for proper access if I have the UAC turned on. I have tried
> shelling the command lines from an installation program, but it has the
> same problem.
>
> How can I create a process with the proper credentials to install the
> certificate? Are there APIs or .NET functions I could call to install the
> certificate from my program without shelling to the Microsoft programs?
>
> Can someone point me in the correct direction?
>
> Vance
>

I can now import a certificate with a .CER extension programatically.
Thanks! However, When I do the same thing with a .PFX file, the certifacte
does not seem to register correctly. Obviously, I'm missing a key piece.
Can someone please point me in the proper direction for PFX files?

Here is my DOS command that works fine, but again, this doesn't work unless
the end user does a "run as" administrator, so I would prefer to do the
proper import programatically.

winhttpcertcfg -i Personal.pfx -c local_machine\My -a %computername%

My attempt at code to do the same thing is included below. The certificate
displays exactly the same in MMC, but it doesn't seem to work the same.
What am I doing wrong?


Private Sub btnPfx_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnPfx.Click

Dim msg As String

Dim strComputername As String

strComputername = My.Computer.Name

Try

' Dim store As New X509Store("MY", StoreLocation.CurrentUser)

Dim store As New X509Store("MY", StoreLocation.LocalMachine)

store.Open((OpenFlags.ReadWrite))

Dim x509 As New X509Certificate2()

'Create X509Certificate2 object from .PFX file.

Dim rawData As Byte() = ReadFile(txtCertFilename.Text)

x509.Import(rawData)

'store the data

store.Add(x509)

store.Close()

MsgBox("Cert added")

Catch ex As Exception

msg = "Error: Information could not be written out for this certificate."

MsgBox(msg)

End Try

End Sub



Thanks again for your assistance!

"Haitao Li" <lht1999 [at] hotmail.com> wrote in message
news:35615EA4-CA4D-408D-B00E-1FE7D2CE739F@microsoft.com...
> You need way to elevate the commands or batch file. Have you tried
> runas.exe?
>
> You can call .NET functions to import a cert. See the sample code on this
> page:
> http://msdn2.microsoft.com/en-us/lib...tificate2.aspx
>
> The process needs to be elevated if you import anything to machine root
> store.
>
> Haitao Li
>
> "Vance" <vtemeyer@yahoo.com> wrote in message
> news:uBy4#q$XHHA.4940@TK2MSFTNGP05.phx.gbl...
>>I have a need to install a certificate from an installation program.
>>
>> I currently use a BAT file to install a certificate by issuing the
>> following lines
>>
>> winhttpcertcfg.exe -i personal.pfx -c local_machine\My -a %computername%
>> certmgr.exe -add -c rootcert.cer -s -r localMachine root
>>
>> This works on VISTA if I disable the UAC. However, it does not even
>> prompt for proper access if I have the UAC turned on. I have tried
>> shelling the command lines from an installation program, but it has the
>> same problem.
>>
>> How can I create a process with the proper credentials to install the
>> certificate? Are there APIs or .NET functions I could call to install
>> the certificate from my program without shelling to the Microsoft
>> programs?
>>
>> Can someone point me in the correct direction?
>>
>> Vance
>>

Is your PFX password protected? I have never done it before, but here is the
code from msdn: http://msdn.microsoft.com/msdnmag/is...3/NETSecurity/

X509Certificate2 cert2 = new X509Certificate2("alice.pfx", password);


"Vance" <vtemeyer@yahoo.com> wrote in message
news:ut8FlqlYHHA.3272@TK2MSFTNGP03.phx.gbl...
>I can now import a certificate with a .CER extension programatically.
>Thanks! However, When I do the same thing with a .PFX file, the
>certifacte does not seem to register correctly. Obviously, I'm missing a
>key piece. Can someone please point me in the proper direction for PFX
>files?
>
> Here is my DOS command that works fine, but again, this doesn't work
> unless the end user does a "run as" administrator, so I would prefer to do
> the proper import programatically.
>
> winhttpcertcfg -i Personal.pfx -c local_machine\My -a %computername%
>
> My attempt at code to do the same thing is included below. The
> certificate displays exactly the same in MMC, but it doesn't seem to work
> the same. What am I doing wrong?
>
>
> Private Sub btnPfx_Click(ByVal sender As System.Object, ByVal e As
> System.EventArgs) Handles btnPfx.Click
>
> Dim msg As String
>
> Dim strComputername As String
>
> strComputername = My.Computer.Name
>
> Try
>
> ' Dim store As New X509Store("MY", StoreLocation.CurrentUser)
>
> Dim store As New X509Store("MY", StoreLocation.LocalMachine)
>
> store.Open((OpenFlags.ReadWrite))
>
> Dim x509 As New X509Certificate2()
>
> 'Create X509Certificate2 object from .PFX file.
>
> Dim rawData As Byte() = ReadFile(txtCertFilename.Text)
>
> x509.Import(rawData)
>
> 'store the data
>
> store.Add(x509)
>
> store.Close()
>
> MsgBox("Cert added")
>
> Catch ex As Exception
>
> msg = "Error: Information could not be written out for this certificate."
>
> MsgBox(msg)
>
> End Try
>
> End Sub
>
>
>
> Thanks again for your assistance!
>
> "Haitao Li" <lht1999 [at] hotmail.com> wrote in message
> news:35615EA4-CA4D-408D-B00E-1FE7D2CE739F@microsoft.com...
>> You need way to elevate the commands or batch file. Have you tried
>> runas.exe?
>>
>> You can call .NET functions to import a cert. See the sample code on this
>> page:
>> http://msdn2.microsoft.com/en-us/lib...tificate2.aspx
>>
>> The process needs to be elevated if you import anything to machine root
>> store.
>>
>> Haitao Li
>>
>> "Vance" <vtemeyer@yahoo.com> wrote in message
>> news:uBy4#q$XHHA.4940@TK2MSFTNGP05.phx.gbl...
>>>I have a need to install a certificate from an installation program.
>>>
>>> I currently use a BAT file to install a certificate by issuing the
>>> following lines
>>>
>>> winhttpcertcfg.exe -i personal.pfx -c local_machine\My -a %computername%
>>> certmgr.exe -add -c rootcert.cer -s -r localMachine root
>>>
>>> This works on VISTA if I disable the UAC. However, it does not even
>>> prompt for proper access if I have the UAC turned on. I have tried
>>> shelling the command lines from an installation program, but it has the
>>> same problem.
>>>
>>> How can I create a process with the proper credentials to install the
>>> certificate? Are there APIs or .NET functions I could call to install
>>> the certificate from my program without shelling to the Microsoft
>>> programs?
>>>
>>> Can someone point me in the correct direction?
>>>
>>> Vance
>>>
>
>

My PFX file is not password protected, but I do appreciate the link to the
MSDN article. Perhaps I can find the answer in the article.

Thanks for your response!

Vance
"Haitao Li" <lht1999 [at] hotmail.com> wrote in message
news:E23697C7-CF18-43B8-8D66-45F957F3090F@microsoft.com...
> Is your PFX password protected? I have never done it before, but here is
> the code from msdn:
> http://msdn.microsoft.com/msdnmag/is...3/NETSecurity/
>
> X509Certificate2 cert2 = new X509Certificate2("alice.pfx", password);
>
>
> "Vance" <vtemeyer@yahoo.com> wrote in message
> news:ut8FlqlYHHA.3272@TK2MSFTNGP03.phx.gbl...
>>I can now import a certificate with a .CER extension programatically.
>>Thanks! However, When I do the same thing with a .PFX file, the
>>certifacte does not seem to register correctly. Obviously, I'm missing a
>>key piece. Can someone please point me in the proper direction for PFX
>>files?
>>
>> Here is my DOS command that works fine, but again, this doesn't work
>> unless the end user does a "run as" administrator, so I would prefer to
>> do the proper import programatically.
>>
>> winhttpcertcfg -i Personal.pfx -c local_machine\My -a %computername%
>>
>> My attempt at code to do the same thing is included below. The
>> certificate displays exactly the same in MMC, but it doesn't seem to work
>> the same. What am I doing wrong?
>>
>>
>> Private Sub btnPfx_Click(ByVal sender As System.Object, ByVal e As
>> System.EventArgs) Handles btnPfx.Click
>>
>> Dim msg As String
>>
>> Dim strComputername As String
>>
>> strComputername = My.Computer.Name
>>
>> Try
>>
>> ' Dim store As New X509Store("MY", StoreLocation.CurrentUser)
>>
>> Dim store As New X509Store("MY", StoreLocation.LocalMachine)
>>
>> store.Open((OpenFlags.ReadWrite))
>>
>> Dim x509 As New X509Certificate2()
>>
>> 'Create X509Certificate2 object from .PFX file.
>>
>> Dim rawData As Byte() = ReadFile(txtCertFilename.Text)
>>
>> x509.Import(rawData)
>>
>> 'store the data
>>
>> store.Add(x509)
>>
>> store.Close()
>>
>> MsgBox("Cert added")
>>
>> Catch ex As Exception
>>
>> msg = "Error: Information could not be written out for this certificate."
>>
>> MsgBox(msg)
>>
>> End Try
>>
>> End Sub
>>
>>
>>
>> Thanks again for your assistance!
>>
>> "Haitao Li" <lht1999 [at] hotmail.com> wrote in message
>> news:35615EA4-CA4D-408D-B00E-1FE7D2CE739F@microsoft.com...
>>> You need way to elevate the commands or batch file. Have you tried
>>> runas.exe?
>>>
>>> You can call .NET functions to import a cert. See the sample code on
>>> this page:
>>> http://msdn2.microsoft.com/en-us/lib...tificate2.aspx
>>>
>>> The process needs to be elevated if you import anything to machine root
>>> store.
>>>
>>> Haitao Li
>>>
>>> "Vance" <vtemeyer@yahoo.com> wrote in message
>>> news:uBy4#q$XHHA.4940@TK2MSFTNGP05.phx.gbl...
>>>>I have a need to install a certificate from an installation program.
>>>>
>>>> I currently use a BAT file to install a certificate by issuing the
>>>> following lines
>>>>
>>>> winhttpcertcfg.exe -i personal.pfx -c local_machine\My -a
>>>> %computername%
>>>> certmgr.exe -add -c rootcert.cer -s -r localMachine root
>>>>
>>>> This works on VISTA if I disable the UAC. However, it does not even
>>>> prompt for proper access if I have the UAC turned on. I have tried
>>>> shelling the command lines from an installation program, but it has the
>>>> same problem.
>>>>
>>>> How can I create a process with the proper credentials to install the
>>>> certificate? Are there APIs or .NET functions I could call to install
>>>> the certificate from my program without shelling to the Microsoft
>>>> programs?
>>>>
>>>> Can someone point me in the correct direction?
>>>>
>>>> Vance
>>>>
>>
>>