Install a new SSL-certificate on Windows XP machines | Just my blog

/dev/random

Install a new SSL-certificate on Windows XP machines

On one of the networks I maintain, I had to roll-out a new SSL-certificate for the IMAP-SSL Services. The old certificate would expire within a few days. On this network the most users, uses MS Windows XP in combination with a samba-fileserver.

Some time ago, I roll-out the logon.bat stuff. Every user on the network has in his ‘Startup’ folder an LNK-file who calls a netlogon script on the server which take care of the next stuff:

  • Remove all existing network-shares
  • Connect the H-drive to their personal share on the server
  • Connect the P-drive to the public-share on the server
  • Resets, by injecting registry data, the Proxy-settings for IE

So I want to use this script to roll-out the new certificate… but it is not so easy on a Windows system
I needed a tool who was able to add a certificate from the commandline to the certificate-store.
After some search, I found the tool certutil.exe.

But getting certutil.exe was not so easy… it is part of the Windows 2k3 servers, but a 2k3 server isn’t the problem So I copied the file and a dll out and placed it on the Samba server… added a line to the logon.bat

p:networkbincertutil.exe -addstore -f -user root p:networkcertnew.cer

The users receive only the first time a security warning, with the question if they want to install the certificate…

and if they don’t want to install the certificate… they won’t have e-mail


  • Social

  • By continuing to use the site, you agree to the use of cookies. more information

    The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible and enable advertising to provide you free content. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

    Close