Adding a Certificate to the Root Certificate Store from the Command Line (e.g. as an Azure Startup Task)

The title says it all ;) certutil -addstore writes a certificate file into the named store; "root" without -user means the machine's Trusted Root Certification Authorities store, so the command needs administrative rights. As an Azure startup task that means the Task element in the service definition must carry executionContext="elevated", otherwise certutil fails with access denied. One caveat worth stating: once the CA is in that store, every chain that ends in it is trusted machine-wide, for TLS, code signing and everything else, so only install a CA you control, and ship the public .cer with the role, never a .pfx that carries the private key.

certutil -addstore root LeastPrivilegeCA.cer
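The same install done as a PowerShell startup script, added here as an example and not code from the original post. It resolves the certificate path relative to the script itself (the PowerShell counterpart of the %~dp0 trick the comments below describe), refuses anything that is not a self-signed public certificate, skips the add when the thumbprint is already present, verifies the result by building a chain, and exits non-zero on any failure so the Azure fabric treats the task as failed. The file name LeastPrivilegeCA.cer is taken from the post; the script name install-ca.ps1 and the elevated execution context are assumptions.

```powershell
# Added example (not from the original post): idempotent install of a CA certificate
# into LocalMachine\Root with the checks a startup task should have.
# Assumptions: LeastPrivilegeCA.cer sits next to this script, and the task runs with
# executionContext="elevated" (the store write below fails without it).
$ErrorActionPreference = 'Stop'

# Resolve the folder this script lives in, the PowerShell equivalent of %~dp0 in a
# .cmd file, so the task does not depend on whatever current directory Azure uses.
$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$certPath  = Join-Path $scriptDir 'LeastPrivilegeCA.cer'

if (-not (Test-Path -LiteralPath $certPath)) {
    Write-Error "Certificate file not found: $certPath"
    exit 1   # non-zero exit marks a simple startup task as failed
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# Only a self-signed certificate belongs in Root; a leaf or intermediate here is a
# packaging mistake. A private key in the shipped file is a worse one.
if ($cert.Subject -ne $cert.Issuer) {
    Write-Error "Refusing to add non-self-signed certificate '$($cert.Subject)' to Root"
    exit 1
}
if ($cert.HasPrivateKey) {
    Write-Error "Certificate file carries a private key; ship only the public .cer"
    exit 1
}

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $present = $store.Certificates.Find(
        [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint,
        $cert.Thumbprint, $false)
    if ($present.Count -gt 0) {
        Write-Output "Already trusted: $($cert.Subject) ($($cert.Thumbprint))"
    } else {
        $store.Add($cert)   # the step that needs elevation
        Write-Output "Added to LocalMachine\Root: $($cert.Subject) ($($cert.Thumbprint))"
    }
} finally {
    $store.Close()
}

# Re-check from the outside: a chain built for the CA must now end at a trusted root.
# Revocation is skipped because a startup task may run before outbound network is ready.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
if (-not $chain.Build($cert)) {
    $why = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
    Write-Error "CA is not trusted after install: $why"
    exit 1
}
exit 0
```

Azure startup tasks launch a command line rather than a script engine, so wrap it in a .cmd next to the script, for example install-ca.cmd containing %windir%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Unrestricted -File "%~dp0install-ca.ps1", and register that file with <Task commandLine="install-ca.cmd" executionContext="elevated" taskType="simple" /> in ServiceDefinition.csdef. $MyInvocation.MyCommand.Path is used instead of $PSScriptRoot because the latter is only populated for scripts from PowerShell 3.0 on, and older role images ship with 2.0.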

This entry was posted in Azure.

2 Responses to Adding a Certificate to the Root Certificate Store from the Command Line (e.g. as an Azure Startup Task)

  1. idg10 says:

    When I first tried this, I got an 0x80070002 error (that’s the COM error for Win32’s file not found) when the azure deployment mechanism tries to execute the script.
    If I Remote Desktop into the instance and run the script where it is, it works fine, so I’d guess it’s a current directory issue. (I have all my startup scripts and associated files in a subfolder – I guess that Azure sets the current directory for startup tasks to be the app root bin folder itself, and not the folder containing the task script.)
    I found that using %~dp0LeastPrivilegeCA.cer as the path fixes it. (In a .cmd file, %~dp0 expands to the full path of the folder containing the script, including a trailing “\”.) That way, the script does not depend at all on the current directory. I also qualify the command as %windir%\system32\certutil.exe – not sure if that’s necessary, but it’s what I tried, and it worked.

  2. idg10 says:

    When I first tried this, I got an 0x80070002 error during Azure deployment. (That’s COM’s version of the Win32 error for file not found.)
    I suspect this is a current directory issue. I put my startup scripts in a subfolder of my role. If you’re finding that your example works, I’m guessing that perhaps you’ve got your certificate file in the root of your role?
    I modified the argument to %~dp0LeastPrivilegeCA.cer – in a .cmd file, %~dp0 expands to the full path of the folder containing the script including a trailing “\”. This means the script no longer cares what the current directory is. (I also qualify certutil as %windir%\system32\certutil.exe – not sure if that matters, but it’s what I use, and it worked.)
