Storing a Windows Machine Certificate

  1. Double-click on the PKCS#12 machine certificate container (.p12 file) and the Certificate Import Wizard pops up.

    Local Machine

    Since we want to store the end entity certificate, the matching private key and the Root CA certificate contained in the PKCS#12 file under the HKEY_LOCAL_MACHINE branch of the Windows registry, select Local Machine as Store Location. Then click Next.

  2. After giving access control permission for the operation, the File to Import menu pops up.

    Machine Certificate Import

    Click Next.

  3. The Private key protection menu pops up.

    Machine Private Key Protection

    Enter the password with which the private key in the PKCS#12 container is protected and set the Import options (Enable strong private key protection is greyed out). Then click Next.

  4. The Certificate store menu pops up.

    Certificate Store

    Choose Automatically select the certificate store based on the type of certificate. Then click Next.

  5. The Completing the Certificate Import Wizard menu pops up.

    Complete Machine Certificate Import

    To complete the certificate import, click Finish.

  6. A small popup window acknowledges the successful certificate import.

    Import Successful

    Click OK to close the window.

  7. Executing the mmc (Microsoft Management Console) with the Certificates (Local Computer) Snap-in loaded, it can easily verified that the machine certificate has been stored in the correct location.

    mmc with Certificates (Local Computer) Snap-in

    Clicking on the certificate entry in the mmc opens a Certificate Information window showing that the matching private key has been stored in the registry, too.

    Machine Certificate with Private Key

    The Root CA certificate has been automatically installed in the Trusted Root Certification Authorities folder.

    mmc with Certificates (Local Computer) Snap-in