Installing a machine certificate in the Windows certificate store

Our goal is to install a key and certificate that will act on behalf of your IIS server.  So the certificate must be stored in the “local machine” part of your certificate store (as opposed to that belonging to any one specific user)   Here's how do that:

  • Create a console by selecting “Start->Run” and entering “mmc” (or just type “start mmc” from a command prompt.
  • A console will be created, and under the File menu, select “Add/Remove Snap-in”.
  • Select Add, and the “Add Standalone Snap-in” screen appears
  • Select “Certificates” and press the related “Add” button

  • Select the “Computer account” radio button and press “Next”, then “Finish” with the next screen

  • Unwind the dialogs by pressing “Close” and “OK”
  • Open up “Personal” and the “Certificates” as shown here:

  • Then under the “Action” menu, select “All tasks” and then “Import…”
  • “Next” yourself past the first page of the wizard to get to the import menu.  You can just type the path, but if you browse, remember to change the “File Type” to “Personal Information Exchange” or you won't see anything.

  • Press “Next” and you will be asked for the file's passphrase.  Enter it, press “Next” and then accept the default Certificate store with another “Next”.

  • This takes you to the finish dialog, and you end up with a certificate that can be used by the IIS process. 


Published by

Kim Cameron

Work on identity.

One thought on “Installing a machine certificate in the Windows certificate store”

Comments are closed.