/build/static/layout/Breadcrumb_cap_w.png

Repackaging Certificates

HI

I Have repackaged a set of certificates used for a web based application with wise

The problem I have is during the deployment of the msi.

the msi deploys ok on some client pc 's but not on other pc's with exactly the same build.

all the individual clients have the same admin rights
the op is win 2000

the error that I am getting is error 1406 " could not write value certificates to key"

hkcu/software/microsoft/systemcertificates/root/protectedroots

please any ideas will be much appreciated

0 Comments   [ + ] Show comments

Answers (9)

Posted by: jaybee96 19 years ago
Red Belt
1
I have the following solution to implement a certificate:

1. Download the .Net SDK which contains the certmgr.exe tool.
2. put the certmgr.exe tool and the certificate.cer in one folder
3. use the following commandline parameter:

certmgr.exe -add -all certifcatename.cer -s -r localmachine Root

you can wrap this up in a msi or whatever you like....

greetz,

Jeroen
Posted by: Bartesque 19 years ago
Orange Senior Belt
0
Only SYSTEM have write permission to this key

[8|]
Posted by: plangton 19 years ago
Second Degree Blue Belt
0
Import the certificate as a custom action, run in the deferred system context would be my suggestion, see this site:

http://weblogs.asp.net/hernandl/archive/2005/02/09/WinHttpCertCfgTool.aspx

Snapshotting the importation of a certificate is Bad News in my opinion.
Posted by: rahvintzu 19 years ago
Orange Senior Belt
0
I know this prob doesnt help, but have u thought of installing the required certs via GP?
Might prove to be a more reliable way.
Posted by: cygan 19 years ago
Fifth Degree Brown Belt
0
thanks all for the pointers
Posted by: KPrinz 19 years ago
Fourth Degree Green Belt
0
certmgr.exe -add -all certifcatename.cer -s -r localmachine Root

Works like a charm. Thanks so much for this hint!
And to make things easy, here the download link.
Posted by: AngelD 19 years ago
Red Belt
0
To be able to "install" an certificate you must have local administrative privilege which seems to be the case of cygan's users. This wouldn't work in a lookdown environment.

I would use a certificate server that publish the certificate to the end user, which will also do the trick to change the certificate when needed in a easier manner.
Posted by: KPrinz 19 years ago
Fourth Degree Green Belt
0
ORIGINAL: MSIMaker
I have to ask though.......does running that command allow users to install any certificate on the workstation?


Uh?
certmgr.exe is the command line tool to the Certificate Import Wizard that you run from inside IE. Nothing else. It just does the same thing on a cmd line to run it from a script.
Posted by: MSIMaker 19 years ago
2nd Degree Black Belt
-1
Nice pickup Jeroen :)

I have to ask though.......does running that command allow users to install any certificate on the workstation?

If it does then its not a real good solution for a locked down environments because users might visit a website and install certificates that may be dangerous to the enterprise. Having users installing certificates from websites that install browser hijacks could be very embarrassing indeed.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ