Re: Silent certificate installation

Giganews Newsgroups
Subject: Re: Silent certificate installation
Posted by:  Brian Komar [MVP] (
Date: Wed, 21 Feb 2007

In article <uCtoTxfVHHA.8…@TK2MSFTNGP05.phx.gbl>,
nesh… says...
> Hi guys, does anybody know how to install a certificate on the client
> machine silently? I already set up the CA authority and it is issuing
> certificates automatically. When I click to install the certificate I
> receive 2 messages warning me about the installation of the certificate.
> Is there any way to install the certificate without user intervention? I
> mean, a script that I can do, a .NET app, what ever works .... I'll
> appreciate any clue, cause I don't know where to start.
> Thanks,
> Nelson
These were added in MS02-048 (KB323172) -

No. You cannot remove these if you are installing using
the Web interface. The danger is that if you disable the
controls, any bad guy can install certificates into the
user store and add certificates to the root store
without the user's knowledge.

I have a script included with my PKI book (enroll.vbs)
that will work for XP/2000/2003 with capicom installed
that will accomplish what you want.




In response to

Silent certificate installation posted by Nelson Guerrero on Wed, 21 Feb 2007