/bundles/itninjaweb/img/Breadcrumb_cap_w.png
Hi All,

Issue: In user mode the application is thorwing a pop-up regarding "CA certificate". I tried importing the certificate using following cmds:
certmgr.exe -add -c "<cert-file>" -s -r localMachine root
Certmgr.exe -c YourCertificate -s TrustedPublishers -add

It is showing "success", but the pop-up is coming again in user mode, and prompting to import the certificate again.

Anyone has any idea how to resolve this?

Thanks,
DN
0 Comments   [ - ] Hide Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity

Answers

0
Two clues:user mode and localMachine root and a hint, viz. your users are unlikely to have local administrator rights.
Answered 05/06/2011 by: VBScab
Red Belt

Please log in to comment
0
You mean to say that, i should install the certificate in "CurrentUser" mode. In that case i need to make sure that the cmd is executed for everyuser.

Did i understand your point or i missed any point?

Thnx
DN
Answered 05/06/2011 by: dnmech
Senior Purple Belt

Please log in to comment
0
If you do that, you need to use a different "root". MSDN will have the details. Search there for 'certmgr'. Alternatively - and better - install it in System context using the command line you have and it'll be installed for the machine, in other words, all users.
Answered 05/06/2011 by: VBScab
Red Belt

Please log in to comment
0
I am dealing with a simular issue where I have created my 2 certificates and need to add them as CAs into my MSI.
I had the certmgr.exe in the binary so my CA source linked to the certmgr in the bonary table and the Type is 3074.
Target was -add c:\temp\abc.cer -c -s -r LocalMachine TrustedPublisher

Works fine using the /qn switch "although" I see a couple of cmd windows popup and exit very quickly.
Therefore, via SCCM deployment testing....the package did not work....and I suspected it would not work too.
Testing via psexec -i -s cmd to execute cmd as system context.

I am trying another method....but I am suspicious.
Add the certmgr in the c:\windows dir.
The CA will use the SystemFolder in the Source - call cmd.exe /c c:\windows\certmgr.exe -add c:\temp\abc.cer -c -s -r LocalMachine TrustedPublisher
Type 3106

Am I going about it in the right way....not sure?
Answered 06/28/2011 by: tron2ole
Third Degree Blue Belt

Please log in to comment
0
@ tron2ole - If you are doing installation of machine based Certificate then it'll work fine.

you can also use type : 1106 CA

For Example:

CustomAction Table-

PublicPrimaryCertificate | 1106 | certmgr.exe | -add -c "[INSTALLDIR]Verisign Class 1 Public Primary CA - G3.cer" -s -r LocalMachine ROOT
IndividualSubscriberCertificate | 1106 | certmgr.exe | -add -c "[INSTALLDIR]Verisign Class 1 Individual Subscriber CA - G3.cer" -s -r LocalMachine CA
Answered 06/29/2011 by: dannyarya
Purple Belt

Please log in to comment
0
Cheers I will give it a shot.....[;)]
Answered 06/29/2011 by: tron2ole
Third Degree Blue Belt

Please log in to comment
0
If it helps,
I used: 'certutil -dspublish -f "SomeCertificateCA.cer" NTAuthCA'. To achieve the same thing.

Worked without issue running both from psexec cmd as system and from SCCM.

Cheers
Rich
Answered 06/29/2011 by: rich0864
Orange Belt

Please log in to comment
0
[8|]
WOW - I thought that I would just add the two blob registry keys: HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\
So the MSI only contains those two reg keys....installs fine and tested in system context....
In SCCM....does not deploy the reg keys....weird.....
I am now added the keys in a script and added as a CA in the MSI to test....strange though....
Could be one to be thrown to the SCCM forum....
Answered 06/30/2011 by: tron2ole
Third Degree Blue Belt

  • Make sure the "WriteRegistryValues" (containing this BLOB) will be executed earlier in the "InstallExecuteSequence" table than the "MsiInstallDrivers" or CA where drivers are being installed.
Please log in to comment
0
And the verbose log - which of course you specified in your command line - tells you......what?
Answered 07/01/2011 by: VBScab
Red Belt

Please log in to comment
0
The MSI verbose log was fine - no errors as the package actually installs - just no reg keys via SCCM but SCCM deployment.
The SCCM log showed an entry:The code is inconsistent with the package cache....
Anyway....the CA with the registry keys worked fine....
Answered 07/04/2011 by: tron2ole
Third Degree Blue Belt

Please log in to comment