MicrosoftDocs · MarkusMichalski · Jan 30, 2026 · Copilot · Jan 30, 2026
diff --git a/ssms/install/install-certificates.md b/ssms/install/install-certificates.md
@@ -49,11 +49,11 @@ If you're scripting the deployment of SSMS in an offline environment to client w
    Alternatively, create a batch file that uses certutil.exe, which ships with Windows, with the following commands:
 
    ```console
-   certutil.exe -addstore -f "Root" "[layout path]\certificates\manifestRootCertificate.cer"
+   certutil.exe -f -addstore "Root" "[layout path]\certificates\manifestRootCertificate.cer"
 
-   certutil.exe -addstore -f "Root" "[layout path]\certificates\manifestCounterSignRootCertificate.cer"
+   certutil.exe -f -addstore "Root" "[layout path]\certificates\manifestCounterSignRootCertificate.cer"
 
-   certutil.exe -addstore -f "Root" "[layout path]\certificates\vs_installer_opc.RootCertificate.cer"
+   certutil.exe -f -addstore "Root" "[layout path]\certificates\vs_installer_opc.RootCertificate.cer"
    ```
 
 1. Deploy the batch file to the client. This command should run from an elevated process.
@@ -79,6 +79,12 @@ To ensure the installation completes successfully, follow these steps:
 1. You see the prompt, **The import was successful**.
 1. Install SSMS using the local layout.
 
+Alternatively, create a batch file that uses certutil.exe, which ships with Windows, with the following commands:
+
+```console
+certutil.exe -f -addstore "CA" "[layout path]\certificates\Microsoft Windows Code Signing PCA 2024.crt)"
+```
+
 ## Maintain an offline machine
 
 For users maintaining offline machines, [obtain the required certificates](https://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Code%20Signing%20PCA%202024.crt) and deploy them manually.