Hi All,

Issue: In user mode the application is thorwing a pop-up regarding "CA certificate". I tried importing the certificate using following cmds:
certmgr.exe -add -c "<cert-file>" -s -r localMachine root
Certmgr.exe -c YourCertificate -s TrustedPublishers -add

It is showing "success", but the pop-up is coming again in user mode, and prompting to import the certificate again.

Anyone has any idea how to resolve this?

Thanks,
DN
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Two clues:user mode and localMachine root and a hint, viz. your users are unlikely to have local administrator rights.
Answered 05/06/2011 by: VBScab
Red Belt

Please log in to comment
0
You mean to say that, i should install the certificate in "CurrentUser" mode. In that case i need to make sure that the cmd is executed for everyuser.

Did i understand your point or i missed any point?

Thnx
DN
Answered 05/06/2011 by: dnmech
Senior Purple Belt

Please log in to comment
0
If you do that, you need to use a different "root". MSDN will have the details. Search there for 'certmgr'. Alternatively - and better - install it in System context using the command line you have and it'll be installed for the machine, in other words, all users.
Answered 05/06/2011 by: VBScab
Red Belt

Please log in to comment
0
I am dealing with a simular issue where I have created my 2 certificates and need to add them as CAs into my MSI.
I had the certmgr.exe in the binary so my CA source linked to the certmgr in the bonary table and the Type is 3074.
Target was -add c:\temp\abc.cer -c -s -r LocalMachine TrustedPublisher

Works fine using the /qn switch "although" I see a couple of cmd windows popup and exit very quickly.
Therefore, via SCCM deployment testing....the package did not work....and I suspected it would not work too.
Testing via psexec -i -s cmd to execute cmd as system context.

I am trying another method....but I am suspicious.
Add the certmgr in the c:\windows dir.
The CA will use the SystemFolder in the Source - call cmd.exe /c c:\windows\certmgr.exe -add c:\temp\abc.cer -c -s -r LocalMachine TrustedPublisher
Type 3106

Am I going about it in the right way....not sure?
Answered 06/28/2011 by: tron2ole
Third Degree Blue Belt

Please log in to comment
0
@ tron2ole - If you are doing installation of machine based Certificate then it'll work fine.

you can also use type : 1106 CA

For Example:

CustomAction Table-

PublicPrimaryCertificate | 1106 | certmgr.exe | -add -c "[INSTALLDIR]Verisign Class 1 Public Primary CA - G3.cer" -s -r LocalMachine ROOT
IndividualSubscriberCertificate | 1106 | certmgr.exe | -add -c "[INSTALLDIR]Verisign Class 1 Individual Subscriber CA - G3.cer" -s -r LocalMachine CA
Answered 06/29/2011 by: dannyarya
Purple Belt

Please log in to comment
0
Cheers I will give it a shot.....[;)]
Answered 06/29/2011 by: tron2ole
Third Degree Blue Belt

Please log in to comment
0
If it helps,
I used: 'certutil -dspublish -f "SomeCertificateCA.cer" NTAuthCA'. To achieve the same thing.

Worked without issue running both from psexec cmd as system and from SCCM.

Cheers
Rich
Answered 06/29/2011 by: rich0864
Orange Belt

Please log in to comment
0
[8|]
WOW - I thought that I would just add the two blob registry keys: HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\
So the MSI only contains those two reg keys....installs fine and tested in system context....
In SCCM....does not deploy the reg keys....weird.....
I am now added the keys in a script and added as a CA in the MSI to test....strange though....
Could be one to be thrown to the SCCM forum....
Answered 06/30/2011 by: tron2ole
Third Degree Blue Belt

  • Make sure the "WriteRegistryValues" (containing this BLOB) will be executed earlier in the "InstallExecuteSequence" table than the "MsiInstallDrivers" or CA where drivers are being installed.
Please log in to comment
0
And the verbose log - which of course you specified in your command line - tells you......what?
Answered 07/01/2011 by: VBScab
Red Belt

Please log in to comment
0
The MSI verbose log was fine - no errors as the package actually installs - just no reg keys via SCCM but SCCM deployment.
The SCCM log showed an entry:The code is inconsistent with the package cache....
Anyway....the CA with the registry keys worked fine....
Answered 07/04/2011 by: tron2ole
Third Degree Blue Belt

Please log in to comment
Answer this question or Comment on this question for clarity