There’s a few instances where I’ve needed to install certificates and grant nominated accounts rights to open them (including the private key) – mainly for Microsoft cloud solutions for Live@Edu and Office365.
This relies on the winhttpcertcfg tool (download here) and once installed uses the following command line to grant rights over a certificate:
1 |
winhttpcertcfg.exe -g -c LOCAL_MACHINE\My -s my_cert -a my_account |
Which in this instance, looks up the certificate with the friendly name “my_cert” and grants “my_account” rights over it.
What’s occasionally useful, is to import the cert on behalf of a specific user via:
1 |
winhttpcertcfg -i my_cert.pfx -c LOCAL_MACHINE\My -a my_account -p pfx_password |
Which notationally opens the certificate held in my_cert.pfx (password = pfx_password) and adds it to the correct cert store for my_account to access it.
Details of the full command line can be found over at MSDN.