Certificate Install Security Warning Workaround?

Question

I have some C# 4.0 code that attempts đồ sộ install a CA (.der encoded) certificate into the "Trusted Root Certification Authorities" store for the current (My) user. My little console ứng dụng runs silently against other stores, but for this store a GUI popup comes up "You are about đồ sộ install a certificate from a certification authority... Windows cannot validate that the certificate is actually from..... Do you want đồ sộ install this certificate?"

This messagebox is a problem because the idea is đồ sộ automatically deploy the ứng dụng with an MSI and silently get the right certs in the right place. Having a modal box will kill automated deployment.

How can this installation be done without a deployment-breaking messagebox?

asked Nov 16, 2010 at 17:22

SnowySnowy

6,12221 gold badges68 silver badges125 bronze badges

2

OlegOleg 222k35 gold badges412 silver badges810 bronze badges · Accepted Answer

It can sound not logical, but đồ sộ have no warning you should add the certificate not đồ sộ the Root certificate store of the current user, but đồ sộ the Root of the local machine instead. You can easy verify that

certmgr.exe -add -c t.cer -s -r currentUser root

produce the security warning, but

certmgr.exe -add -c t.cer -s -r localMachine root

not.

So if you want import a certificate in .NET then the corresponding code could be about following

using System;
using System.Security.Cryptography.X509Certificates;

namespace AddCertToRootStore {
    class Program {
        static void Main (string[] args) {
            X509Store store = new X509Store (StoreName.Root,
                                             StoreLocation.LocalMachine);
            store.Open (OpenFlags.ReadWrite);
            X509Certificate2Collection collection = new X509Certificate2Collection();
            X509Certificate2 cert = new X509Certificate2 (@"C:\Oleg\t.cer");
            byte[] encodedCert = cert.GetRawCertData();
            Console.WriteLine ("The certificate will be added đồ sộ the Root...");
            store.Add (cert);
            Console.WriteLine("Verify, that the certificate are added successfully");
            Console.ReadKey ();
            Console.WriteLine ("The certificate will be removed from the Root");
            store.Remove (cert);
            store.Close ();
        }
    }
}