Using Inno Setup, how to import a certificate .cer file?

Asked 5/10, 2012 at 21:31 Answered 20/2, 2023 at 17:24

Solved installation certificate distribution inno-setup

Can I use Inno Setup to import a .cer file (a certificate)?

How can I do it?

I need to create a certificate installer for Windows XP, Windows Vista and Windows 7.

Centaur answered 5/10, 2012 at 21:31 Comment(2)

I was thinking about using a command line with Certmgr.exe utility. Would it work with all windows system? – Centaur 5/10, 2012 at 21:32

Certmgr.exe is not part of Windows, so you have to bundle it in your installer. I think it should work with all Windows releases, as it is part of Windows SDK. – Made 6/10, 2012 at 0:58

Add Certmgr.exe and yourcertificate.cer into setup:

[Files]
Source: CertMgr.exe; DestDir: {app}; Flags: deleteafterinstall
Source: yourcertificate.cer; DestDir: {app}; Flags: deleteafterinstall

And in [Run] section, write something like this:

Filename: {app}\CertMgr.exe; Parameters: "-add -all -c yourcertificate.cer -s -r localmachine trustedpublisher"; Flags: waituntilterminated runhidden;

Bultman answered 1/8, 2013 at 10:16 Comment(1)

In my case its self-signed certificate. so that line localmachine ended with root – Billhead 11/4, 2016 at 15:1

Actually the CertMgr.exe is not available on all PCs and furthermore it does not appear to be redistributable (as hinted by @TLama); and besides you don't even need it.

CertUtil is available on every Windows machine (that I have tested) and works perfectly:

[Run]
Filename: "certutil.exe"; Parameters: "-addstore ""TrustedPublisher"" {app}\MyCert.cer"; \
    StatusMsg: "Adding trusted publisher..."

Cain answered 21/10, 2016 at 10:13 Comment(3)

@MartinPrikryl Admittedly I could have done more testing. I only discovered this yesterday and so have not tested exhaustively; so far only on Win 10 machines. But one is VM on Azure, 2 are regular PCs without visual studio, dotNets etc. (so no CertMgr.exe available), and then there is my DevPC which has CertMgr but CertUtil also works on it. – Cain 21/10, 2016 at 12:28

It is stated here that certutil.exe is shipped with Windows 7 and later. For earlier versions download it from Microsoft download (ref) – Density 18/9, 2019 at 9:0

Nice solution. It's worth noting that calling certutil requires elevated privileges so this won't work for user profile installers. – Hypertrophy 12/4, 2022 at 19:7

The reply by SlowLearner and Martin Prikryl is correct. However, a comment states the command requires elevated privileges. If you use the -user command it will access the user store therefore not requiring elevation:

[Run]
Filename: "certutil.exe"; Parameters: "-user -addstore ""Root"" {app}\MyCert.cer"; \
StatusMsg: "Adding root certificate..."

Mak answered 20/2, 2023 at 17:24 Comment(0)

Add Certmgr.exe and yourcertificate.cer into setup:

[Files]
Source: CertMgr.exe; DestDir: {app}; Flags: deleteafterinstall
Source: yourcertificate.cer; DestDir: {app}; Flags: deleteafterinstall

And in [Run] section, write something like this:

Filename: {app}\CertMgr.exe; Parameters: "-add -all -c yourcertificate.cer -s -r localmachine trustedpublisher"; Flags: waituntilterminated runhidden;

Bultman answered 1/8, 2013 at 10:16 Comment(1)

In my case its self-signed certificate. so that line localmachine ended with root – Billhead 11/4, 2016 at 15:1

Recommended topics

Hot tags