How can I install a certificate into the local machine store programmatically using c#?

Asked 19/2, 2009 at 18:32 Answered 5/7, 2018 at 16:37

I have a certificate generated via MakeCert. I want to use this certificate for WCF message security using PeerTrust. How can I programmatically install the certificate into the "trusted people" local machine certificate store using c# or .NET?

I have a CER file, but can also create a PFX.

Beaverboard answered 19/2, 2009 at 18:32 Comment(2)

Btw - i know the details of Makecert and trust. Please, just looking for suggestions on installing the certificate using programmatic c# or installshield. thanks! – Beaverboard 19/2, 2009 at 18:38

any idea how to do this in c program?? any API in windows?? – Tanker 24/5, 2012 at 5:1

I believe that this is correct:

using (X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine)) 
{
   store.Open(OpenFlags.ReadWrite);
   store.Add(cert); //where cert is an X509Certificate object
}

Debt answered 19/2, 2009 at 20:42 Comment(5)

This installs certificate successfully, But when I opens Manage Private Keys option for private key in personal store, it gives "no keys found for certificate" error. – Utopian 8/12, 2016 at 10:34

I guess this answer;s now void as X509Store is not disposable. – Hitlerism 23/11, 2017 at 11:15

@Utopian did you find a solution for "no private key found for this certificate"? – Baptiste 6/1, 2018 at 7:8

@Utopian Were you looking at the "CurrentUser" store? then you need to change the StoreLocation to StoreLocation.LocalMachine. – Alfonzoalford 14/12, 2018 at 11:28

Is there a way to add a cert as trusted but without installing it in the local machine? I'm a macos user and adding to Mac keychain requires privilege access, but I only want to use the cert in my code when I'm calling a third party endpoint for testing purpose – Mandymandych 2/4 at 3:17

The following works good for me:

private static void InstallCertificate(string cerFileName)
{
    X509Certificate2 certificate = new X509Certificate2(cerFileName);
    X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);

    store.Open(OpenFlags.ReadWrite);
    store.Add(certificate);
    store.Close();
}

Verb answered 10/9, 2009 at 22:15 Comment(1)

For storing certificate in Personnel node, choose the enum value as StorName.My. For storing certificate in Trusted Root Certification Authorities node, choose the enum value as StorName.Root. – Gallfly 1/7, 2021 at 9:5

Instead of installing the certificate to LocalMachine which requires elevated privileges you can add it to "CurrentUser" (works for me).

X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(cert); //where cert is an X509Certificate object
store.Close();

Dichromaticism answered 13/9, 2013 at 8:56 Comment(1)

Thanks for this. This was preferable for me as this will be running in a self hosted service that is executed (multiple instances) at runtime. No way to provide UAC prompt. Thanks again! – Sterling 10/1, 2014 at 22:35

I had to use X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet flags to resolve "Keyset does not exist" error that occurred later on attempt to use the certificate:

X509Certificate2 certificate = new X509Certificate2(pfxPath, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);
using (X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
{
     store.Open(OpenFlags.ReadWrite);
     store.Add(certificate);
     store.Close();
}

Thanks to this article: Private key of certificate in certificate-store not readable

Tasse answered 5/7, 2018 at 16:37 Comment(0)

Recommended topics

Hot tags