Re: Silent installation of Root Certificates?

From: Torgeir Bakken (Torgeir.Bakken-spam@hydro.com)
Date: 09/25/02


From: Torgeir Bakken <Torgeir.Bakken-spam@hydro.com>
Date: Wed, 25 Sep 2002 03:49:25 +0200


Jim Reed wrote:

> It there a mechaniasm for performing a silent
> installation of a .cer file into IE 5.0 browsers? The
> default user expereince for installing a root certificate
> is pretty elaborate for novices.
>
> Is there an C++ API that will perform the install? That
> way we could use activeX to make it easier for end users.
>
> Are there any other tools to make this experience easier
> for novice end users?

Hi

You can use vbscript and CAPICOM

Introducing CAPICOM
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/intcapicom.asp

At Mitch Gallants site http://home.istar.ca/~neutron/wsh/ you will find examples

of CAPICOM used by VBScript.

Alternatively, you can use the command line utility certmgr.exe, a
cryptoAPI/Authenticode tool from MS (and also Certutil.exe I suppose).

To add a certificate to the "Trusted Root Certification Authorities" in
localMachine:

certmgr.exe -add -c "<cert-file>" -s -r localMachine root

More information can be found here:

******* Certmgr.exe *******
Download certmgr.exe from:
Authenticode for Internet Explorer 5.0
http://msdn.microsoft.com/downloads/default.asp?URL=/code/sample.asp?url=/msdn-files/027/000/219/msdncompositedoc.xml

Certificate Manager Tool (Certmgr.exe)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrfcertificatemanagertoolcertmgrexe.asp

Using CertMgr
http://msdn.microsoft.com/library/en-us/security/security/using_certmgr.asp

******* Certutil.exe *******
Using Certutil.exe to Manage and Troubleshoot Certificate Services
http://www.microsoft.com/WINDOWS2000/techinfo/administration/security/certutil.asp

Using the Certificate Services Command-Line Programs
http://www.microsoft.com/WINDOWS2000/techinfo/reskit/en/Distrib/dscj_mcs_ooiy.htm

http://www.microsoft.com/WINDOWS2000/en/server/help/sag_cs_CertUtil2.htm

--
torgeir