How-to install windows certificates

Owned by Benjamin Löhrer (Unlicensed)
Last updated: 11. Apr 2022 by RoFa
3 min read

Introduction

As documented in Connectivity (Network ports, protocols and certificates), there are various distributed services that need a certificate to secure the connection between the two parties. Most of the times, those certificates are read from a local certificate store such as the Windows Certificate Store. This how to shows you how to add a certificate there and give the appropriate service user access to the private key.

Step 1 - Open MMC and add a Snap-in

Start the certificate store with; "Win + R | mmc". Now you will see the Certificate store. Add a new Snap-in with following steps:

  • Click on "File" and than click on "Add/Remove Snap-in" or with the keyboard shortcut ctrl + M

  • Open "Certificates" by double clicking it → Let the computer account to manage the certificates

  • Install the certificates on the local computer

  • To open the Snap-in just click "OK" at the end of these steps

        

Step 2 - Install the certificate

Navigate to the folder "Personal" and open it. Do a right click on the folder "Certificates" to open the task menu. Choose All Tasks → Import to import the certificate. Click "Next" in the first window. Now browse for the certificate that you want to add. After that click "Next" again.

To add the certificate you have to enter the password of the certificate, which was generated at the export to import the private key.

Check the checkbox “Mark this key as exportable”.

After you have done this, you need to choose the folder where you want to add the certificate. In the normal case this is the folder "Personal". Click "Next" to continue. 

 

To complete the changes click "Finish". Confirm all your changes by clicking "OK" in the popup window that will open.

Step 3 - Check the recently added certificate

Navigate to the certificate, which you added before, in the certificate store. Double click on the certificate and check the path and the status of the certificate.

Step 4 - Service User rights

Navigate to the certificate and do a right click on it "→ All Tasks → Manage private key" to manage the private key. Give full control to the service user on the certificate. Apply these changes with "OK"

Step 5 - Optional

Export public certificate to install it on an other server.

Install the exported public certificate on all communication-partners like: Web-Server, system connector, and so on.

Do the same on all communication-partners. Export their public certificate and add it on the server.

© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.