From 4c701ffecbc1c9c5614e4a33b121898ce98ef47f Mon Sep 17 00:00:00 2001 From: Markus Michalski <38650546+MarkusMichalski@users.noreply.github.com> Date: Fri, 30 Jan 2026 11:40:15 +0100 Subject: [PATCH] Modify certutil commands for certificate installation Updated certutil commands to include the '-f' flag for adding certificates to the store. The flag was present in the previous edit, but at the wrong position causing an error. Added instructions for creating a batch file to install a specific code signing certificate. --- ssms/install/install-certificates.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ssms/install/install-certificates.md b/ssms/install/install-certificates.md index 44c4bd8..6b12a15 100644 --- a/ssms/install/install-certificates.md +++ b/ssms/install/install-certificates.md @@ -49,11 +49,11 @@ If you're scripting the deployment of SSMS in an offline environment to client w Alternatively, create a batch file that uses certutil.exe, which ships with Windows, with the following commands: ```console - certutil.exe -addstore -f "Root" "[layout path]\certificates\manifestRootCertificate.cer" + certutil.exe -f -addstore "Root" "[layout path]\certificates\manifestRootCertificate.cer" - certutil.exe -addstore -f "Root" "[layout path]\certificates\manifestCounterSignRootCertificate.cer" + certutil.exe -f -addstore "Root" "[layout path]\certificates\manifestCounterSignRootCertificate.cer" - certutil.exe -addstore -f "Root" "[layout path]\certificates\vs_installer_opc.RootCertificate.cer" + certutil.exe -f -addstore "Root" "[layout path]\certificates\vs_installer_opc.RootCertificate.cer" ``` 1. Deploy the batch file to the client. This command should run from an elevated process. @@ -79,6 +79,12 @@ To ensure the installation completes successfully, follow these steps: 1. You see the prompt, **The import was successful**. 1. Install SSMS using the local layout. +Alternatively, create a batch file that uses certutil.exe, which ships with Windows, with the following commands: + +```console +certutil.exe -f -addstore "CA" "[layout path]\certificates\Microsoft Windows Code Signing PCA 2024.crt)" +``` + ## Maintain an offline machine For users maintaining offline machines, [obtain the required certificates](https://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Code%20Signing%20PCA%202024.crt) and deploy them manually.