PowerShell Bulk Import Root Certificates to local computer store

If you have ever needed to import a bunch of root certificates to the local computer store, then you know how time-consuming the manual process can be. This script helps you do the following:

  1. Import all Root Certificates in a directory, including subdirectories.
  2. The Root Certificates can be placed in a network share.
  3. Place all Root Certificates into the Local Computer’s trusted root certs store.
  4. Auto elevate the script to save you time.

You will need the following pre-requisites:

  1. PowerShell 3.0 or better.
  2. PowerShell execution policy set to unrestricted: Set-ExecutionPolicy Unrestricted
  3. Windows Vista or better.
  4. Script should be placed in the root of the folder containing the certificate files (in .cer format)

Without further ado, here’s the script:

function Use-RunAs {
    # Check if script is running as Administrator and if not use RunAs
    # Use Check Switch to check if admin
    param([Switch]$Check)
    $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()`
        ).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
    if ($Check) { return $IsAdmin }
    if ($MyInvocation.ScriptName -ne "") {
        if (-not $IsAdmin) {
            try {
                # Relaunch this script in an elevated PowerShell process
                $arg = "-file `"$($MyInvocation.ScriptName)`""
                Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList $arg -ErrorAction 'stop'
            } catch {
                Write-Warning "Error - Failed to restart script with runas"
            }
            exit # Quit this session of powershell
        }
    } else {
        Write-Warning "Error - Script must be saved as a .ps1 file first"
    }
}
Use-RunAs # Calls the function
cd $(split-path $MyInvocation.MyCommand.Definition) # Changes directory to the path where the script is called from.
get-childitem -Recurse -filter *.cer | forEach-Object { Import-Certificate -FilePath $_.FullName -CertStoreLocation cert:\LocalMachine\root } # Enumerates all certificates in the directory and sub-directory and imports them into the root certificate store.
timeout /T 10

This is how the script works:

The initial part is a function (derived from here). It allows the script to auto elevate privileges. The script then changes directory to the path where the script is called from, enumerates all .cer files and imports them to the local root certificate store.
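
A review step to run before the bulk import, added here as an example and not part of the original script: it lists each .cer file's subject, thumbprint and expiry, and imports only self-signed, currently valid certificates whose thumbprint is on an approved list. The function name Get-RootCertCandidate and the file approved-thumbprints.txt are assumptions.

```powershell
# Added example. Get-RootCertCandidate and approved-thumbprints.txt are hypothetical names.
# Run elevated, from the folder that holds the .cer files.
function Get-RootCertCandidate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string[]]$Approved = @()
    )
    $now = Get-Date
    Get-ChildItem -Path $Path -Recurse -Filter *.cer | ForEach-Object {
        $file = $_.FullName
        try {
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file
        } catch {
            Write-Warning "Skipping unreadable certificate file: $file"
            return   # inside ForEach-Object this moves on to the next file
        }
        [pscustomobject]@{
            File       = $file
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            # Name comparison only: a root certificate is issued to itself.
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            InValidity = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
            Approved   = ($Approved -contains $cert.Thumbprint)
            Installed  = (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)")
        }
    }
}

# One thumbprint per line; whitespace is stripped because values copied from
# the certificate dialog often contain spaces.
$approved = @(Get-Content .\approved-thumbprints.txt |
    ForEach-Object { ($_ -replace '\s', '').ToUpper() } |
    Where-Object { $_ })

$candidates = Get-RootCertCandidate -Path . -Approved $approved
$candidates | Format-Table Subject, Thumbprint, NotAfter, SelfSigned, InValidity, Approved, Installed -AutoSize

# Import only what passed every check and is not already in the store.
# -WhatIf prints what would be imported without changing the store.
$candidates |
    Where-Object { $_.SelfSigned -and $_.InValidity -and $_.Approved -and -not $_.Installed } |
    ForEach-Object { Import-Certificate -FilePath $_.File -CertStoreLocation Cert:\LocalMachine\Root -WhatIf }
```

Remove -WhatIf once the printed table matches the certificates you intend to trust; if the approved list is missing or empty, nothing is imported.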

Let me know if this script has helped you.

1 Comment

If you are running Server 2008 R2 you can still use a modified version of this script by adding the following function to the beginning of the script http://poshcode.org/1937 and then modifying the forEach-Object command

Original: Import-Certificate -FilePath $_.FullName -CertStoreLocation cert:\LocalMachine\root

Changed: Import-Certificate -CertFile $_.FullName -StoreNames Root -LocalMachine
