As part of the provisioning process, many companies have their servers import and export certs. It shouldn’t matter whether you use a third-party CA or an Enterprise CA: these scripts simply create a CSR (‘Request-NewCert’) and import the .cer file (‘Import-Cert’).
1a. Go to my gwSecurity section on GitHub and run the scripts for importing and exporting certificates.
The ‘Request-NewCert’ script will create a CSR that you can submit to a third-party CA to get the .cer file to import.
Then you can run ‘Import-Cert’ to import it to the Cert:\LocalMachine\My\ location.
If you want, you can also run the ‘Show-ComputerCerts’ script to open an MMC console directly on your local machine certificates.
2. After importing, make sure that you see the lock icon next to the cert’s name. This verifies you have both the public and private key for the cert.
I have seen cases where certs didn’t import correctly. If that happens, open an admin CMD prompt and type:
certutil -repairstore my <serial number>
(Get the SerialNumber from viewing the cert properties; make sure to remove any special characters or spaces.)
For example:
certutil -repairstore my 43e5e29096b64fd91a03b44eb040283f
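
The private-key check from step 2 and the repair step can also be scripted. This is an added example, not part of the gwSecurity scripts; the function names are hypothetical, and it assumes an elevated PowerShell session on the server.

```powershell
# Added example (not from the gwSecurity scripts). Run in an elevated session.
# Function names are hypothetical; certutil and the Cert: drive are built in.

function ConvertTo-CleanSerial {
    param([Parameter(Mandatory)][string]$Serial)
    # Text copied from the cert properties dialog can carry spaces, colons or
    # invisible Unicode marks; keep only the hex digits.
    $clean = ($Serial -replace '[^0-9A-Fa-f]', '').ToLowerInvariant()
    if ($clean.Length -eq 0 -or $clean.Length % 2 -ne 0) {
        throw "Serial '$Serial' does not reduce to whole hex bytes."
    }
    $clean
}

function Get-CertWithoutPrivateKey {
    # Certs in the machine store that have no associated private key.
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { -not $_.HasPrivateKey } |
        Select-Object Subject, SerialNumber, Thumbprint, NotAfter
}

function Repair-CertPrivateKey {
    param([Parameter(Mandatory)][string]$Serial)
    $clean = ConvertTo-CleanSerial -Serial $Serial
    & certutil.exe -repairstore my $clean | Out-Host
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -repairstore failed with exit code $LASTEXITCODE."
    }
    # Re-read the store and confirm the key is now bound to the cert.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.SerialNumber -eq $clean } |
        Select-Object -First 1
    if (-not $cert) { throw "No cert with serial $clean in LocalMachine\My." }
    [bool]$cert.HasPrivateKey
}

# List the certs that need attention, then repair each one.
foreach ($c in Get-CertWithoutPrivateKey) {
    $ok = Repair-CertPrivateKey -Serial $c.SerialNumber
    '{0}  repaired={1}' -f $c.Subject, $ok
}
```

The repair only re-links a key that already exists on this machine, so it works when the CSR was generated on the same server the cert is imported to.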