Re: Silent installation of Root Certificates?

From: Torgeir Bakken (Torgeir.Bakken-spam@hydro.com)
Date: 09/25/02


From: Torgeir Bakken <Torgeir.Bakken-spam@hydro.com>
Date: Wed, 25 Sep 2002 03:49:25 +0200


Jim Reed wrote:

> It there a mechaniasm for performing a silent
> installation of a .cer file into IE 5.0 browsers? The
> default user expereince for installing a root certificate
> is pretty elaborate for novices.
>
> Is there an C++ API that will perform the install? That
> way we could use activeX to make it easier for end users.
>
> Are there any other tools to make this experience easier
> for novice end users?

Hi

You can use vbscript and CAPICOM

Introducing CAPICOM
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/intcapicom.asp

At Mitch Gallants site http://home.istar.ca/~neutron/wsh/ you will find examples

of CAPICOM used by VBScript.

Alternatively, you can use the command line utility certmgr.exe, a
cryptoAPI/Authenticode tool from MS (and also Certutil.exe I suppose).

To add a certificate to the "Trusted Root Certification Authorities" in
localMachine:

certmgr.exe -add -c "<cert-file>" -s -r localMachine root

More information can be found here:

******* Certmgr.exe *******
Download certmgr.exe from:
Authenticode for Internet Explorer 5.0
http://msdn.microsoft.com/downloads/default.asp?URL=/code/sample.asp?url=/msdn-files/027/000/219/msdncompositedoc.xml

Certificate Manager Tool (Certmgr.exe)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrfcertificatemanagertoolcertmgrexe.asp

Using CertMgr
http://msdn.microsoft.com/library/en-us/security/security/using_certmgr.asp

******* Certutil.exe *******
Using Certutil.exe to Manage and Troubleshoot Certificate Services
http://www.microsoft.com/WINDOWS2000/techinfo/administration/security/certutil.asp

Using the Certificate Services Command-Line Programs
http://www.microsoft.com/WINDOWS2000/techinfo/reskit/en/Distrib/dscj_mcs_ooiy.htm

http://www.microsoft.com/WINDOWS2000/en/server/help/sag_cs_CertUtil2.htm

--
torgeir


Relevant Pages

  • Signing drivers with signtool for XP 64-bit -- suppressing the war
    ... Ineed to suppress the unsigned driver installation dialog for an automation ... article "Driver signing policy is automatically elevated for unsigned ... I need to sign our drivers for unattended installation via ... Signing Certificate Chain: ...
    (microsoft.public.development.device.drivers)
  • Re: DIFx Framework - HOWTO
    ... The certificate was not installed on the machine, that's s why I did exactly ... The test certificate is obtained through the commands: ... I've successfully created the unsinged cat file using: ... >> installation through DIFx framework but have some troubles with it. ...
    (microsoft.public.development.device.drivers)
  • Re: client installation error
    ... The certificate is TRUST_E_TIME_STAMP however I do not think that will help. ... This posting is provided "AS IS" with no warranties, ... the installation stop at this error "Error 0x80096005: ... >> Jeff Harbaugh [MSFT] ...
    (microsoft.public.sms.setup)
  • Re: recovering files encrypted using EFS
    ... > same name and password as the old WinXP installation, ... > intact backup of the old harddisk on COMP2, ... > didn't export the EFS certificate, ... I could of course restore ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Dear "Well Known National Alarm Company":
    ... I believe it 's only until recent years that a dedicated circuit is required for the communicator. ... certificate was issued in 2006 and should be valid until 2011. ... The first "inspection" was signed off one month after installation. ... ULC requires that you monitor the supervisory output. ...
    (alt.security.alarms)