Install Certificate (.cer) to target machine's trustedpublisher Failed

I am attempting to use the following command to install a certificate to a client machine. This is the certificate that I am signing a silverlight XAP file with (exported as .cer without the private key).
certmgr.exe -add .\DigiCert.cer -s -r localMachine trustedpublisher
When I run this command, I get:
Error: Failed to open the distantion Store
CertMgr Failed
The cert is able to be opened and installed using the wizard just fine, however I'm trying to reduce the number of steps the end user has to take to use the silverlight application, and the 5 or so steps the wizard has just adds to their frustration.

As I wasn't making any headway with this, I just decided to make my own cert installer. For those that need it, you can use the following code to install a certificate. I hard-coded the name of the cert file and which store to put it in, which could easily
be converted to parameters.
namespace MyCompany.Cert
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
public class Program
enum ExitCode
Success = 0,
UnauthorizedAccess = 1,
FileNotFound = 2,
UnknownError = 10,
static int Main(string[] args)
try
var tr1 = new TextWriterTraceListener(File.CreateText(@"C:\Temp\CertificateInstallLog.txt"));
Trace.Listeners.Add(tr1);
Trace.WriteLine("Checking for admin rights");
if (!IsUserAdministrator())
Trace.WriteLine("Failed to install certificate: Requires Administrator rights");
return (int)ExitCode.UnauthorizedAccess;
Trace.WriteLine("Have Admin rights, installing certificate");
Trace.WriteLine("Create Store Reference: localMachine trustedPublisher");
var store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
Trace.WriteLine("Opening Store: Read/Write");
store.Open(OpenFlags.ReadWrite);
Trace.WriteLine("Adding Certificate from file");
var cert = GetCertificate();
Trace.WriteLine("Got certificate from file");
store.Add(cert);
Trace.WriteLine("closing store");
store.Close();
Trace.WriteLine("Exiting");
Trace.Flush();
return (int)ExitCode.Success;
catch (FileNotFoundException ex)
Trace.WriteLine("Failed to install certificate. File not found");
Trace.Flush();
return (int)ExitCode.FileNotFound;
catch (Exception ex)
Trace.WriteLine("Failed to install certificate. " + ex.Message);
Trace.Flush();
return (int)ExitCode.UnknownError;
public static X509Certificate2 GetCertificate()
X509Certificate2 cert;
try
Trace.WriteLine("trying path 'DigiCert.cer'");
cert = new X509Certificate2("DigiCert.cer");
catch (System.Security.Cryptography.CryptographicException)
Trace.WriteLine("Path 'DigiCert.cer' failed");
var path = string.Empty;
try
path = @"C:\Program Files" +
(Directory.Exists(@"C:\Program Files (x86)") ? @" (x86)" : string.Empty) +
@"\<someprogramfolder>\DigiCert.cer";
Trace.WriteLine("trying path " + path);
cert = new X509Certificate2(path);
catch (System.Security.Cryptography.CryptographicException ex)
Trace.WriteLine("Path '{0}' failed", path);
throw ex;
return cert;
/// <summary>Query if this object is user administrator.</summary>
/// <returns>true if user administrator, false if not.</returns>
public static bool IsUserAdministrator()
var user = WindowsIdentity.GetCurrent();
if (user == null)
throw new NullReferenceException("Could not determine windows identity");
var myPrincipal = new WindowsPrincipal(user);
if (myPrincipal.IsInRole(WindowsBuiltInRole.Administrator)) { return true; }
Trace.WriteLine("You need to run the application using the 'Run as Administrator' option");
return false;
Don't forget to include an app.manifest that tells the program to always request admin rights:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app" />
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel node will disable file and registry virtualization.
If you want to utilize File and Registry Virtualization for backward
compatibility then delete the requestedExecutionLevel node.
-->
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
<applicationRequestMinimum>
<defaultAssemblyRequest permissionSetReference="Custom" />
<PermissionSet class="System.Security.PermissionSet" version="1" ID="Custom" SameSite="site" Unrestricted="true" />
</applicationRequestMinimum>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
</application>
</compatibility>
</asmv1:assembly>

Similar Messages

  • Problem to install Package on the target machines

    hi everyone
    I want to use Remote Desktop to install new softwares on many clients through LAN. But I read some posts about the problem. It needs a software "PackageMaker" to make pkg-format. I have some question about the PackageMaker.
    1- I have Remote Desktop v. 2.2. Is PackageMaker going to work with this version?
    2- We have more than 300 clients and will update or fresh install Adobe package (Photoshop, ILLustrator and InDesign). This package is too big, some GBs. Is PackageMaker going to work?
    3- If question 1 and 2 are not going to work. I will think about Remote Desktop v 3.0. Is this version 3.0 going to work? Because I did not use it
    4- If question 1 and 2 are going to work. Where can I buy PackageMaker?
    PS! We use Mac OS Server 10.4.6 and Mac OS Client 10.3.9
    Thank you very much
    Best Regards
    Tri

    both ARD versions 2.2 and 3 can install packages.
    PackageMaker is free.  You can get it by installing the apple developer tools.  i think PackageMaker will successfully create the package but I think it'll be incredibly large and problematic to try to push out 1 package that is larger than 2 gigs.   You may be better off creating a different package installer for each individual app.
    Also Adobe CS (1 and 2) is a huge pain to install due to all of the files necessary for it to work.  It puts files in the user's home folder and this can cause lots of problems when trying to install remotely... prompting for an admin to authenticate if it needs to make a change.  I wish you much luck with this aspect.
    ARD 3 is supposed to be better able to handle something like pushing out a large package but in reality, version 2.2 may work just as well for you.

  • Why doesn't my TestStand deployment installation show up under my Windows start menu of my target machine?

    Why doesn't my TestStand deployment installation show up under my Windows start menu of my target machine?
    I have successfully installed working deployments to target machines. However, I was expecting to see the installation listed as "My TestStand System A" in my start menu, but it is not. Am I misunderstanding something here?
    Also, if I peform a different second deployment to the target station like "My TestStand System B", all of the LabVIEW files from my previous installation for "My TestStand System A" disappear from the target directory (c:\Program Files\My TestStand System A).
    I am using TestStand 4.2.1 Professional on the development station with Windows XP and LabVIEW 2009.
    Solved!
    Go to Solution.

    Thanks Paul,
    That solved my second problem and inspired me to search deeper for the answer to my first problem. The answer is in the "Distributed Files" tab, "installer properties", "Create a Program Item" checkbox:
    Wouldn't it be nice if this was automatically checked by default for the main sequence files? Wouldn't it also be nice if "Upgrade Code" was automatically regenerated by default whenever we saved the *.tsd file under a different name?
    Thanks again,
    Eugene
    Message Edited by Eugene12 on 05-06-2010 04:27 PM

  • Deploying teststand V3 - mdac98 error on target machine

    Thank you in advance.
    I have two PXI computer that I'll like to deploy sequence file to, from a development machine, I have successfully create the installer using tool>>deploy test stand system but I get error message "mdac98" required when I attempt to install it to win98 target machine. I have been to the windows website to download and install "mdac98.exe" but I still get the error.
    I have read some literature on this issue but got no where. Out of curiosity what is the different between "disturbing test stand" and "deploying test stand". anyone?

    Rash,
    I just answered a question you posted on DCOM that was nearly identical. Are you also having problems with mdac or was this question supposed to be on DCOM?

  • How to install SSL Certificates automatically in Client machine

    Hi All
           I have installed Certificates for SSL in Planning server machine for Planning Web services.While connneting to Server through excel-addin from client machine it is not connecting
     Error is bleow:
    "The underlying connection was closed : could not establish trust relationship for the SSL/TLS secure channel" and then getting the following error
    "The PerformancePoint Server System is currently unavailable"
    I got it this is due to Certification not installed in client machine.
    So i tried to install certificate through IE web browser ..i typed webservices links ..i.e https://servername:443 in address box
    ..not admin console link.Because if i connect to Admin console then i connect to Planning server it is  not showing me the dialog box  " Security Alert "
    So typed direcly  webservices in address box.Then "Security Alert" dialog box opened ,In that i clicked "View Certificate" button and installed manually.Then this problem solved.
    But i want to check this is a way to install cerficate in the client machine or there is any other way to do it automatically...
    Please help me to solve this..
    Thanks
    Abdul

    Abdul,
    The problem seems to be that the certificate authority that created your certificate is no trusted by Windows.... That process of installing the root certificate in the clients machines should not be needed if the ceritifcate is obtained from the right ceritifcate authority...
    Where did you purchased your certificate from?
    Regards,
    Pablo Barvo - MSFT

  • How do I automate the import of a certificate (.cer) file within a silent install of FireFox 9.0.1?

    I have created an msi package for FireFox v9.0.1 and I need to include registration of a security certificate (.cer file) in the install. I am deploying the msi via an installation vbScript with SCCM. This will allow me to either include the certificate registration in the msi or as a post-install task in the vbScript. Any assistance would be greatly appreciated.

    See:
    *http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
    *http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/README

  • Not able to deploy windows kernel driver on target machine from visual studio

    I have created windows kernel driver, and signed it with production certificate. Now I could install this driver on my target machine manually(copying inf, cat and sys). 
    I want to make use of the visual studio 2013's deployment facility to deploy the driver automatically. But when I try to add the target computer(with administrative account) it failed with error message "The account credentials used to connect to the
    target computer could not gain administrator access to the target computer. Try using the built-in Administrator account".
    what possibly could be wrong?

    Pavel The host machine is on a domain(say ABC) and I am logged In as the domain administrator. On The target machine I am logged in as the local administrator. Now while adding the target computer from visual studio I am asked for the administrator account
    credentials and I am providing the local administrator credentials there.
    Pavel I found it is necessary to install "WDK Test Target Setup x64-x64_en-us.msi" on the target machine which I had not run. Once installing that I passed through the previously mentioned steps and after performing few installations target machine
    got rebooted. And then the deployment process hanged on step a "Attempting to connect...". Tried this for multiple times but result in to the same problem.

  • Report generation problems on the WinNT target machine

    I'm using report generation VI's to generate a standard report, mixed with text and graphs.
    In development mode (LV 6.0.2; Win-NT 4.0 SP6)there are no problems to print it. As soon as I make an application (application builder 6.0) and transfer it to the target machine (Win-NT 4.0 SP6; run time engine 6.0.2) I get an error -2147352567 unable to load picture..to Append front panel image to report.vi> If I delete the VI "Append front panel image to report.vi", I can print the text of my report without problems. Do you have any idea?

    I could fix the bug in the meantime. I had installed an older version of the Internet Explorer. When I updated the target PC to Internet Explorer Vers. 5.5, there are no problems anymore. I think it must be a problem of ActivX.

  • Crystal report error on Target Machine

    We have to provide application exe to our clients. The application is developed in Visual Studio.Net 2010 and by using SAP crystal report CRforVS_13_0. Client must be able to fire reports on their target machine on which the Dot Net framework and u201CCRforVS_redist_install_64bit_13_0_1u201C run time utility is installed. But it gives a crystal report error on the target machine.
    Our development and target machines have Win 7 Professional, 64-bit OS installed.
    Kindly provide us with an appropriate run time version for target machine in order to fire reports or any other solution in order to make our project work on target machine.
    Thanks!

    Thanks a lot Don for your valuable suggestions.
    We have already taken care of the points which you mentioned in your reply on development side. Also, we have downloaded crystal report from the link which you posted but on DEPLOYMENT side we are unable to run reports from our application.
    It gives the notification when we try to install crystal report on a target machine as "You must have visual studio 2010 installed in order to install the crystal report".
    The DEPLOYMENT problem we are facing is in RUNTIME environment on TARGET machine.  Our TRAGET machine has properly installed Win 7 Professional 64 bit,  .NET Framework Ver 4 and CRforVS_redist_install_64bit_13_0_1 . We also have properly installed application on this machine. We got no errors while installing any of the above. The problem starts when we fire a report on target machine from the application.
    We get the error as "The type initializer for 'CrystalDecisions.CrystalReports.Engine.ReportDocument' threw an exception"
    So, we are looking for an appropriate RUN TIME version of Crystal Report which can be installed on the target machine to fire reports (where visual studio 2010 is not installed).
    Please help suggest an exact version to download for target machine and the steps if it has a specific procedure.
    Thank you!
    Ruchir

  • PXE boot no longer working - blank cmd windows shown. If run Scripts/Litetouch file from target machine wizards runs as expected??

    Hi, My MDT server no longer works as expected via PXE boot. After the target machine loads the .wim file an empty command windows is shown. I have returned the custom settings.ini and bootstrap files to default and ensured nothing is being skipped within
    the task sequence within both files in hope of viewing the wizard.
    However from the same target machine if I map drive to my Deploymentshare/Scripts directory and run LiteTouch file I am asked for domain credentials and the Deployment wizard is displayed asking for task sequence to be selected.
    I believe this error is a result of two things:
    1) I applied some windows updates to my mdt server (running on 2008 r2).
    2) I was implementing changes to
    ZTIWindowsUpdate.wsf   which i have now returned to default settings. 
    I have also regenerated boot images and re added to WDS.
    Any help much appreciated?
    Regards,
    Paul 

    Hi Paul,
    This sounds familiar; I only encounter this behaviour with certain kinds of laptops (Latitude E65x0) but I usually just provide the "wpeutil reboot" command in the empty command window to keep things going. All other hardware is deployed with the
    same task sequence and this behaviour does not occur anywhere else...
    A bit obvious maybe, but did you check if there is still a "Next Phase" step present and enabled following directly after the "Install Operating System" step? 

  • Word/Excel in the target machine?

    Do I need Word/Excel installed in the target machine if I develope a stand-alone application with the office toolkit report generation?

    Luca is right. The reason is that the toolkit uses activeX to use Word and Excel. This allows LabVIEW users to take advantage of the benefits of those programs from within LabVIEW. The toolkit provides a programmer friendly interface to those properties. When you build a LabVIEW executable, it complies the VI to run independently of the LabVIEW development environment. The commands for communicating to Word and Excel are complied but not Word and Excel programs. They still need to be installed on the remote computer so that the LabVIEW compiled activeX commands communicate with something.
    Jeremy

  • The requested feature DSC-Service is not found on the target machine.

    Hi,
    I'm trying to create a DSC Pull Server with a 2008 R2 SP1 Virtual Machine,
    While many of the forums and tutorials have helped, particularly https ://www .google.com/url?url=https://davewyatt.wordpress.com/2014/06/07/how-to-install-a-dsc-pull-server-on-windows-2008-r2/&rct=j&frm=1&q=&esrc=s&sa=U&ei=7BavVKvxMIHEmAWDjoLwBQ&ved=0CBQQFjAA&usg=AFQjCNEUHC8QBHfNgChYXnMQe87rXrHz1g
    after installing all of these modules and moving on to later tutorials I'm experiencing an error every time I try to run a pull server configuration scrpit.
    After running the script found here: http://www .systemcentercentral.com/day-1-intro-to-powershell-dsc-and-configuring-your-first-pull-server
    I then trid to execute that code on the localhost,
    it came up with this error:
    PowerShell provider MSFT_RoleResource failed to execute Test-TargetResource functionality with error
    message: The requested feature DSC-Service is not found on the target machine.
    + CategoryInfo : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName : localhost
    Please Help, I cannot find the DSC-Service Module, and while some scripts have allowed and Pull Server to be created, they do not function peroperly because of this error.
    Thanks a lot.
    P.S. due to this being a 2008 R2 SP1 machine When then running the command: Add-WindowsFeature DSC-Server (As has been suggested by a lot of soureces) This error Will Come up:
    Add-WindowsFeature : ArgumentNotValid: Invalid role, role service, or feature: 'DSC-Service'. The name was
    not found.
    At line:1 char:1
    + Add-WindowsFeature
    + ~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Add-WindowsFeature], Exception
    + FullyQualifiedErrorId : NameDoesNotExist,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureComm
    and

    Hi Anna,
    I'm in the same situation as Nathys.
    I tried everything you indicated. However, it still does not work. I got the same error:
    PowerShell provider MSFT_RoleResource  failed to execute Test-TargetResource functionality with error message: The requested feature DSC-Service is not found on the
    target machine.
        + CategoryInfo          : InvalidOperation: (:) [], CimException
        + FullyQualifiedErrorId : ProviderOperationExecutionFailure
        + PSComputerName        : devops-01
    The SendConfigurationApply function did not succeed.
        + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
        + FullyQualifiedErrorId : MI RESULT 1
        + PSComputerName        : devops-01
    PS C:\Workspace\dsc> dism /online /Enable-Feature /FeatureName:DSC-Service
    Deployment Image Servicing and Management tool
    Version: 6.1.7600.16385
    Image Version: 6.1.7600.16385
    Enabling feature(s)
    [==========================100.0%==========================]
    The operation completed successfully.
    I have restarted the computer, but it still does not work.

  • Installing certificate file on IPHONE 2.0

    tried to install Excahnge 2003 mail support on the iphone. it came upwith authentication error. With other brand PDAs usualy this gets resolved by installing the certificate file *.cer file or *.cab file (for windows mobile) on the pda and the Sync starts.
    Questionis how do I install certificate on Iphone? can I just copy the file using active sync and TAP on it on iphone. Please advise
    REgards
    Ross

    I found this document that should help you with all your questions on using the iPhone and Exchange.
    See page 36 to manually install certificates.
    http://support.apple.com/manuals/enUS/Enterprise_DeploymentGuide.pdf

  • I have followed the steps for running exe on target machine but camera streaming did not found yet.

    Install the following run-time engines:
    LabVIEW Run-time Engine (same version that was used to develop the VI)
    Vision Run-time Engine (same version that was used to develop the VI)
    A single-seat Vision Deployment License is required for each target machine on which you install the Vision Run-time Engine. See Related Links for more details.
    Copy the following DLLs from your development machine's System Directory, typically C:\Windows\system32, to your target machine's System Directory.
    ImaqDirectShowDll.dll
    ImaqDirectShowExport.dll
    Register ImaqDirectShowExport.dll by selecting the Windows Start Menu and selecting Run.
    Type in regsvr32 C:\WINDOWS\system32\ImaqDirectShowExport.dll and click OK to register the DLL.
    If you are on a different OS or if the system directory is different and you want to copy the file path instead of typing the whole path, you can drag the file to the command line in the Run prompt, highlight the path, right-click and select Copy.
    Paste in the command prompt window by right-clicking and selecting Paste.
    The ImaqDirectShowDll does not have to be registered.
    I have followed all above steps ,
    Can any one help me for solution ?

    My guess is that the driver is missing at the target system.
    You can add the driver (part of Vision Acquisition Software) you need (IMAQ, IMAQdx, ..) under the Additional Installers Section of your Build Specification and you will also need a runtime license.
    Christian

  • Install ILMA in a remote machine

    Hello,
    I would like to know if it's possible to install ILMA in a remote machine?
    I want to install the database in one machine and the application server, APEX and ILMA in other machine.
    Is it possible or I have to install everything is the same server?
    Best Regards.
    Óscar.

    Hi Óscar,
    This is an interesting scenario. Presently, you must install everything on the machine targeted for management. The limitation centers around our PL/SQL package, which assumes that all data is local. If you install ILMA on one machine, it will know nothing about the remote setup.
    This configuration has been suggested by others as well, so I am confident that we will consider the approach in a future release.
    Thanks for using ILMA!
    Greg

Maybe you are looking for

  • Std Report to see Material doc. and FI doc.

    Hi all, I want a SAP standard report where i can see both the Material doc. as well as the FI doc. created against that in a single report. Please help. Thanks & Regards, Rajeev Kumar

  • How can I Delete a MobileMe Email Account and Kill Duplicate Messages?

    When I select "All Inboxes" on my iPhone 4s, I see duplicates of each and every message I receive. Furthermore, the duplicate can't be deleted and I get an error message informing so! I suspect this phenomenon is occurring because I have both an iClo

  • Creating links to specific area in a PDF

    I want to create a link to go to a specific text area in my one-page PDF... not allowing anything outside of this specified area to be filled unless you click on this link. Does anyone know how to do this?

  • Finding Windows Login details from R3 system

    Friends,    We have a requirement where we need to find the Windows login user ID of an employee from a SAP report. In the report we will be having a button. whenever we click on the button we should get that particular user's windows login ID. The r

  • How to use Threading Concept in oracle

    Hi all, I am having requirement such that i have to execute a function after insert of data in one table.due to performance issues i have to execute this function using java pooling.if anybody having idea regarding this one please share. I have tried