Category: Certificates

When Software or Drivers Won't Install in Windows - Replace All Internal OS Certificates
article #1382, updated 716 days ago

Sometimes, when software won’t install, especially something like ShadowProtect SPX which includes a driver, it is because of corruption of one or more internal Windows certificates. A method recommended to some extent in a few Microsoft resources:

certutil.exe -generateSSTFromWU roots.sst
Import-Certificate -FilePath .\roots.sst -CertStoreLocation 'Cert:\LocalMachine\Root' -Verbose

This does not always work. The only thorough method currently known to this writer, is to download this:

which contains a binary called “rootsupd.exe”. It will unpack itself if one runs it in administrative CMD, with syntax like this:

rootsupd.exe /c /t:C:\rootsupd

It will create the folder C:\rootsupd. Then go into C:\rootsupd, and do these (administrative CMD, not Powershell for some reason!):

updroots.exe authroots.sst
updroots.exe -d delroots.sst
updroots.exe roots.sst
updroots.exe updroots.sst

rootsupd.exe was, according to Google, available by download from Microsoft, but is not at this writing.

One does not have to reboot the system after doing the above, so far it just works.



RWW failure due to certificate issue
article #1167, updated 1559 days ago

Remote Web Workplace. Certificates are verified AOK, and yet at the point of RDP, you receive a popup reading “Your computer can’t connect to the remote computer because no certificate was configured to use at the Remote Desktop Gateway server. Contact your network administrator for assistance.”

To fix this, you’ll need the Remote Desktop Gateway Manager. If you have it, it’s in Start, Administrative Tools, Remote Desktop Services. If you don’t have it, install it:

dism /online /Enable-Feature:Gateway-UI


  1. Open the RDGM.
  2. Right-click the server object, open properties.
  3. Open the SSL Certificate tab.
  4. Click Import Certificate.
  5. Choose the correct certificate — it’s the Exchange list, if this is SBS — and click OK.



A tool to retrieve, examine, and test SSL certs in servers
article #1085, updated 1752 days ago

From the excellent Matt Quick:



Replace self-signed Exchange certificate
article #740, updated 2811 days ago

Here’s how to replace a self-signed Exchange certificate in the Exchange Shell.

First get the list with details:

Get-ExchangeCertificate | fl

You’ll see all of the certs, with expiration dates (“NotAfter”) and thumbprints. For each one that you need to replace, do this:

Get-ExchangeCertificate -thumbprint <thumbprintcontents> | New-ExchangeCertificate

Then say Yes.



Self-signed certificate wizard in SBS 2008
article #596, updated 3198 days ago

Rather helpful:



Import Certificate for SBS 2011 Remote Access
article #495, updated 3457 days ago

First copy the cert from the server to a file. Log into the server as administrator, and in CMD:

certutil -ca.cert ca_name.cer

Then copy ca_name.cer onto the desktop of the client PC, double-click on it, click “Install Certificate…” on the General tab, click “Place all certificates in the following store”, click “Browse…”, click “Trusted Root Certification Authorities, and click OK. Click Next and Finish.



Outlook and SBS Certificate Issues
article #323, updated 3993 days ago

Several certificate issues involving Outlook 2007/2010 and SBS 2008/2011 are covered here:



Fix Certificates on Windows
article #117, updated 4182 days ago

DigiCert has a number of tools for us:

The one on that page can fix a certificate chain, and there are others linked at the bottom.



Install Certificate Into Windows 7
article #230, updated 4231 days ago

The most excellent LizL., has delivered unto us:

I found out how to install the certificate into the trusted root store:

The certificate has to be saved first and you do that by going to the website and clicking on the Certificate Error and then view certificate. Once you have that opened click on the Details tab. Choose Copy to File which opens the Export Wizard. Click Next at the first screen, choose the correct format and click Next, choose the Browse button and save the file to the desktop with the company name.cer, click Save, Next and then Finish. You should see an widow pop up that says the export was successful.

Once the certificate has been saved open up a command prompt with elevated privelidges, type in certmgr and hit enter. Once open expand the Trusted Root Certification Authorities and then click on certificates. Check for the name of the cert that you want to install and if not there right click on certificates and choose All Tasks then Import. That opens up the Import Wizard. Click Next, click Browse and go to the location of the certificate and click Open. Click Next, choose to place it in the Trusted Root Certification Authorities store and click Next. You will see the settings and click Finish. There will be a popup that says the import was successful. Go to the website and you should no longer have the error.