To add a certificate to the Trusted Root Certification Authorities in LocalMachine from the command-line, you must:
1. Download the codesigningx86.exe
package from the Microsoft Download Center.
2. Right-click codesigningx86.exe and extract the files.
3. Copy the CertMgr.exe program to a location in your path.
Once CertMgr.exe is available:
1. Open CMD.EXE window.
2. Type the following command and press Enter:
certmgr.exe -add -c "<cert-file>" -s -r localMachine root
Where <cert-file> is the fully qualified path to the certificate file.
When you type CertMgr.exe /?, you see:
Usage: CertMgr [options][-s [-r ][SourceStoreName]
[-s [-r ][DestinationStoreName]
Options:
-add Add certificates/CRLs/CTLs to a storeFile or a system store
-del Delete certificates/CRLs/CTLs from a storeFile or
a system store
-put Put an encoded certificate/CRL/CTL from a storeFile or
a system store to a file. The file will be saved in X.509
format. -7 can be used to save the file in PKCS#7 format
-s Indicate the store is a system store
-r The system store location
Default to 'currentUser'
-c Certificates in the store
-crl Certificates revocation lists(CRLs) in the store
-ctl Certificates trust lists(CTLs) in the store
-v Verbose display of the certificates/CRLs/CTLs
-all All certificates/CRLs/CTLs in the store
-n Common name of the certificate
-sha1 The sha1 hash of the certificate/CRLs/CTLs
-7 Save the destination store in PKCS# 7 format
-e Certificate/CRL/CTL encoding type.
Default to X509_ASN_ENCODING
-f CertStore open flags. Meaningful only if -y is set
-y CertStore provider name