I have created a VM from an image with a very clamp down security setup. In particular, it had a very limited set of trusted root CAs. It would not even trust https://www.microsoft.com. So, I decided to copy the list of root CAs from my machine to that machine.
Exporting root CAs is easy: go to Control Panel, Administrative Tools, Manage Computer Certificates, select “Trusted Root Certificates” from the tree, go to Trusted Root Certification Authorities and then Certificates. Select all items Ctrl+A), right click, All Tasks, Export. I chose the
.sst format and got myself a nice
Importing that file into the VM proved to be more difficult. After some googling I found this article that contains a Powershell snippet that does the job:
[reflection.assembly]::LoadWithPartialName("System.Security") $certs = new-object system.security.cryptography.x509certificates.x509certificate2collection $certs.import("certificates.sst") $store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "AuthRoot", LocalMachine $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite") $store.AddRange($certs)
I copied this snippet into a file named
import.ps1 and then executed it from PowerShell (“./import.ps1”). It worked great. I am not sure why Microsoft provides Export UI and leaves us to hunt for the import UI, but that’s a different question.