{"id":1981,"date":"2016-03-30T18:30:54","date_gmt":"2016-03-30T22:30:54","guid":{"rendered":"http:\/\/www.ikriv.com\/blog\/?p=1981"},"modified":"2016-03-30T18:30:54","modified_gmt":"2016-03-30T22:30:54","slug":"how-to-copy-trusted-root-certificates-to-another-machine","status":"publish","type":"post","link":"https:\/\/ikriv.com\/blog\/?p=1981","title":{"rendered":"How to copy trusted root certificates to another machine"},"content":{"rendered":"

I have created a VM from an image with a very clamp down security setup. In particular, it had a very limited set of trusted root CAs. It would not even trust https:\/\/www.microsoft.com. So, I decided to copy the list of root CAs from my machine to that machine.<\/p>\n

Exporting root CAs is easy: go to Control Panel, Administrative Tools, Manage Computer Certificates, select “Trusted Root Certificates” from the tree, go to Trusted Root Certification Authorities and then Certificates. Select all items Ctrl+A), right click, All Tasks, Export. I chose the .sst<\/code> format and got myself a nice .sst<\/code> file.<\/p>\n

Importing that file into the VM proved to be more difficult. After some googling I found this article<\/a> that contains a Powershell snippet that does the job:<\/p>\n

<\/p>\n

[reflection.assembly]::LoadWithPartialName(\"System.Security\")\n$certs = new-object system.security.cryptography.x509certificates.x509certificate2collection\n$certs.import(\"certificates.sst\")\n$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist \"AuthRoot\", LocalMachine\n$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]\"ReadWrite\")\n$store.AddRange($certs)<\/pre>\n
<\/code><\/p>\n
I copied this snippet into a file named import.ps1<\/code> and then executed it from PowerShell (“.\/import.ps1”). It worked great. I am not sure why Microsoft provides Export UI and leaves us to hunt for the import UI, but that’s a different question.<\/p>\n","protected":false},"excerpt":{"rendered":"
I have created a VM from an image with a very clamp down security setup. In particular, it had a very limited set of trusted root CAs. It would not […]<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"Layout":"","footnotes":""},"categories":[4],"tags":[],"class_list":["entry","author-ikriv","post-1981","post","type-post","status-publish","format-standard","category-hack"],"_links":{"self":[{"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1981"}],"version-history":[{"count":0,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1981\/revisions"}],"wp:attachment":[{"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}