On one of the networks I maintain, I had to roll-out a new SSL-certificate for the IMAP-SSL Services. The old certificate would expire within a few days. On this network the most users, uses MS Windows XP in combination with a samba-fileserver.
Some time ago, I roll-out the logon.bat stuff. Every user on the network has in his ‘Startup’ folder an LNK-file who calls a netlogon script on the server which take care of the next stuff:
- Remove all existing network-shares
- Connect the H-drive to their personal share on the server
- Connect the P-drive to the public-share on the server
- Resets, by injecting registry data, the Proxy-settings for IE
So I want to use this script to roll-out the new certificate… but it is not so easy on a Windows system 
I needed a tool who was able to add a certificate from the commandline to the certificate-store.
After some search, I found the tool certutil.exe.
But getting certutil.exe was not so easy… it is part of the Windows 2k3 servers, but a 2k3 server isn’t the problem 
So I copied the file and a dll out and placed it on the Samba server… added a line to the logon.bat
p:networkbincertutil.exe -addstore -f -user root p:networkcertnew.cer
The users receive only the first time a security warning, with the question if they want to install the certificate…
and if they don’t want to install the certificate… they won’t have e-mail
