Hi,
Windows has a builtin tool for dealing with x509 certificates, certificate stores and much more.
In my opinion the usage is not very intuitive.
Here are some useful examples
Show content of the ntauth store
PS D:\> certutil -store -enterprise ntauth
Import a pfx/pkcs12 key and certificate to the users store and set the “no export” and protecthigh (open the protect dialog to password protect the key) properties. The -p option is the pfx file password.
PS D:\> certutil -user -p ImportPW -importpfx "C:\Users\michael\Documents\myKeyCert.pfx" "NoExport,ProtectHigh"
Import a root certificate to the machines “trusted root certification authority” store. Possible options: -Enterprise (Company store) -user (only to the users store)
PS D:\> certutil -addstore root "C:\Users\michael\Documents\rootCA\CAcerts\ca.cer"
Import a intermediate certificate to the machines “intermediate certification authority” store.
PS D:\> certutil -addstore CA C:\Users\michael\Documents\intCAAuth\CAcerts\intermediatecaauth.cer
Create pfx/pkcs12 file from key and certificate
Give key and cert the same basename, eg. mycert and the key the extension.key and the certifcate .cer
mycert.key mycert.cer
PS D:\> certutil -mergepfx mycert.cer mycert.pfx
to be continued….
Michael