Re: [python-win32] Import Certificate with Private Key to Current Computer Certificate store
pythonnet for the win!!! (.NET for Python) P.S. I couldn't install from pip (visual studio dependency issues) but the wheel file below worked like a charm (for python 3.9). Problem solved. https://download.lfd.uci.edu/pythonlibs/a4hvik9m/pythonnet-2.5.2-cp39-cp39-win_amd64.whl # pip install pythonnet-2.5.2-cp39-cp39-win_amd64.whl ''' Install a PFX (Certificate with Key) file to the Windows Local Computer (not current user) Personal store (typically where IIS looks for SSL Certificates) ''' import clr from System.Security.Cryptography.X509Certificates import X509Certificate2 from System.Security.Cryptography.X509Certificates import X509Store from System.Security.Cryptography.X509Certificates import X509KeyStorageFlags from System.Security.Cryptography.X509Certificates import OpenFlags from System.Security.Cryptography.X509Certificates import StoreName, StoreLocation pfx = X509Certificate2() store = X509Store(StoreName.My, StoreLocation.LocalMachine) passw = None pfx.Import('c:/mypfx.pfx', passw, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet) store.Open(OpenFlags.MaxAllowed) store.Add(pfx) store.Close() Kudos to the below powershell script for the primer that I adapted to Python.NET. https://gist.github.com/smaglio81/19146391f7f94e2449e16d3318be1ef7 Steven -Original Message- From: Steven Manross Sent: Thursday, May 26, 2022 7:32 PM To: Steven Manross ; mhamm...@skippinet.com.au; python-win32@python.org Subject: RE: [python-win32] Import Certificate with Private Key to Current Computer Certificate store As much as I don’t like shelling out to a command prompt... CERTUTIL -f -p "" -importpfx "c:\mycertwithpfx.pfx" There's definitely a different API for Certs with Private keys as best I can tell... I just cant find what it is 100%. THANKS FOR YOUR HELP! At least I can get it done (for now). Steven -Original Message- From: python-win32 On Behalf Of Steven Manross Sent: Thursday, May 26, 2022 5:49 PM To: mhamm...@skippinet.com.au; python-win32@python.org Subject: Re: [python-win32] Import Certificate with Private Key to Current Computer Certificate store I'll give it a shot... Thanks! Steven -Original Message- From: Mark Hammond Sent: Thursday, May 26, 2022 5:45 PM To: Steven Manross ; python-win32@python.org Subject: Re: [python-win32] Import Certificate with Private Key to Current Computer Certificate store Hi! I know almost nothing about certificate stores, but as luck would have it, someone did report some issues recently, so it turns out there is a PR that (a) tries to fix a couple of issues and (b) adds a test that adds certificates to the store - see https://github.com/mhammond/pywin32/pull/1863, particularly test_win32crypt.py, which can hopefully be found at https://github.com/mhammond/pywin32/pull/1863/files#diff-9f6fa3983d625ad71f59c9b4662dc07ea20602ffb5c3b1aa58e5e59fa759dff7 HTH, Mark On 27/05/2022 10:40 am, Steven Manross wrote: > Howdy, > > I am finishing up some work on requesting certificates from an internal > Microsoft CA, and then importing the certs to the local windows certificate > store, butd was having difficulty determining what function to use to import > a Certificate with Private Key (P12/PFX) to a the computer's Certificate > store. I've got everything else handled up to this point (I think), but now > I am stuck. > > I see two possible functions for likely adding the certificate to the store: > > http://timgolden.me.uk/pywin32-docs/win32crypt__CertAddSerializedElementToStore_meth.html > * likely the way to go, but I don't see in the documentation > how to take my Cert with Key and convert it to the necessary structure > > http://timgolden.me.uk/pywin32-docs/win32crypt__PFXImportCertStore_meth.html > * this one I'm not so sure about (not likely what I want to do) > > ...but also see this: > > https://stackoverflow.com/questions/61888404/how-do-i-install-a-certificate-to-trusted-root-certificates-using-python > * however I cannot read the PFX correctly (presumably due to > the encrypted nature of the certificate with key). > * I DO have the base64 PEM crt and key files if that helps me > in this process > * the CertStore code from this post looks like what I need to > get to > the CertStore, however > > The certificates I'm trying to work with are typically for webserver renewals. > > If anyone has knowledge and is willing to share, I'd appreciate it! > > Please and Thank you, > Steven > ___ > python-win32 mailing list > python-win32@python.org > https://mail.python.org/mailman/listinfo/python-win32 ___ python-win32 mailing list python-win32@python.o
Re: [python-win32] Import Certificate with Private Key to Current Computer Certificate store
As much as I don’t like shelling out to a command prompt... CERTUTIL -f -p "" -importpfx "c:\mycertwithpfx.pfx" There's definitely a different API for Certs with Private keys as best I can tell... I just cant find what it is 100%. THANKS FOR YOUR HELP! At least I can get it done (for now). Steven -Original Message- From: python-win32 On Behalf Of Steven Manross Sent: Thursday, May 26, 2022 5:49 PM To: mhamm...@skippinet.com.au; python-win32@python.org Subject: Re: [python-win32] Import Certificate with Private Key to Current Computer Certificate store I'll give it a shot... Thanks! Steven -Original Message- From: Mark Hammond Sent: Thursday, May 26, 2022 5:45 PM To: Steven Manross ; python-win32@python.org Subject: Re: [python-win32] Import Certificate with Private Key to Current Computer Certificate store Hi! I know almost nothing about certificate stores, but as luck would have it, someone did report some issues recently, so it turns out there is a PR that (a) tries to fix a couple of issues and (b) adds a test that adds certificates to the store - see https://github.com/mhammond/pywin32/pull/1863, particularly test_win32crypt.py, which can hopefully be found at https://github.com/mhammond/pywin32/pull/1863/files#diff-9f6fa3983d625ad71f59c9b4662dc07ea20602ffb5c3b1aa58e5e59fa759dff7 HTH, Mark On 27/05/2022 10:40 am, Steven Manross wrote: > Howdy, > > I am finishing up some work on requesting certificates from an internal > Microsoft CA, and then importing the certs to the local windows certificate > store, butd was having difficulty determining what function to use to import > a Certificate with Private Key (P12/PFX) to a the computer's Certificate > store. I've got everything else handled up to this point (I think), but now > I am stuck. > > I see two possible functions for likely adding the certificate to the store: > > http://timgolden.me.uk/pywin32-docs/win32crypt__CertAddSerializedElementToStore_meth.html > * likely the way to go, but I don't see in the documentation > how to take my Cert with Key and convert it to the necessary structure > > http://timgolden.me.uk/pywin32-docs/win32crypt__PFXImportCertStore_meth.html > * this one I'm not so sure about (not likely what I want to do) > > ...but also see this: > > https://stackoverflow.com/questions/61888404/how-do-i-install-a-certificate-to-trusted-root-certificates-using-python > * however I cannot read the PFX correctly (presumably due to > the encrypted nature of the certificate with key). > * I DO have the base64 PEM crt and key files if that helps me > in this process > * the CertStore code from this post looks like what I need to > get to > the CertStore, however > > The certificates I'm trying to work with are typically for webserver renewals. > > If anyone has knowledge and is willing to share, I'd appreciate it! > > Please and Thank you, > Steven > ___ > python-win32 mailing list > python-win32@python.org > https://mail.python.org/mailman/listinfo/python-win32 ___ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32 ___ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32
Re: [python-win32] Import Certificate with Private Key to Current Computer Certificate store
I'll give it a shot... Thanks! Steven -Original Message- From: Mark Hammond Sent: Thursday, May 26, 2022 5:45 PM To: Steven Manross ; python-win32@python.org Subject: Re: [python-win32] Import Certificate with Private Key to Current Computer Certificate store Hi! I know almost nothing about certificate stores, but as luck would have it, someone did report some issues recently, so it turns out there is a PR that (a) tries to fix a couple of issues and (b) adds a test that adds certificates to the store - see https://github.com/mhammond/pywin32/pull/1863, particularly test_win32crypt.py, which can hopefully be found at https://github.com/mhammond/pywin32/pull/1863/files#diff-9f6fa3983d625ad71f59c9b4662dc07ea20602ffb5c3b1aa58e5e59fa759dff7 HTH, Mark On 27/05/2022 10:40 am, Steven Manross wrote: > Howdy, > > I am finishing up some work on requesting certificates from an internal > Microsoft CA, and then importing the certs to the local windows certificate > store, butd was having difficulty determining what function to use to import > a Certificate with Private Key (P12/PFX) to a the computer's Certificate > store. I've got everything else handled up to this point (I think), but now > I am stuck. > > I see two possible functions for likely adding the certificate to the store: > > http://timgolden.me.uk/pywin32-docs/win32crypt__CertAddSerializedElementToStore_meth.html > * likely the way to go, but I don't see in the documentation > how to take my Cert with Key and convert it to the necessary structure > > http://timgolden.me.uk/pywin32-docs/win32crypt__PFXImportCertStore_meth.html > * this one I'm not so sure about (not likely what I want to do) > > ...but also see this: > > https://stackoverflow.com/questions/61888404/how-do-i-install-a-certificate-to-trusted-root-certificates-using-python > * however I cannot read the PFX correctly (presumably due to > the encrypted nature of the certificate with key). > * I DO have the base64 PEM crt and key files if that helps me > in this process > * the CertStore code from this post looks like what I need to > get to > the CertStore, however > > The certificates I'm trying to work with are typically for webserver renewals. > > If anyone has knowledge and is willing to share, I'd appreciate it! > > Please and Thank you, > Steven > ___ > python-win32 mailing list > python-win32@python.org > https://mail.python.org/mailman/listinfo/python-win32 ___ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32
Re: [python-win32] Import Certificate with Private Key to Current Computer Certificate store
Hi! I know almost nothing about certificate stores, but as luck would have it, someone did report some issues recently, so it turns out there is a PR that (a) tries to fix a couple of issues and (b) adds a test that adds certificates to the store - see https://github.com/mhammond/pywin32/pull/1863, particularly test_win32crypt.py, which can hopefully be found at https://github.com/mhammond/pywin32/pull/1863/files#diff-9f6fa3983d625ad71f59c9b4662dc07ea20602ffb5c3b1aa58e5e59fa759dff7 HTH, Mark On 27/05/2022 10:40 am, Steven Manross wrote: Howdy, I am finishing up some work on requesting certificates from an internal Microsoft CA, and then importing the certs to the local windows certificate store, butd was having difficulty determining what function to use to import a Certificate with Private Key (P12/PFX) to a the computer's Certificate store. I've got everything else handled up to this point (I think), but now I am stuck. I see two possible functions for likely adding the certificate to the store: http://timgolden.me.uk/pywin32-docs/win32crypt__CertAddSerializedElementToStore_meth.html * likely the way to go, but I don't see in the documentation how to take my Cert with Key and convert it to the necessary structure http://timgolden.me.uk/pywin32-docs/win32crypt__PFXImportCertStore_meth.html * this one I'm not so sure about (not likely what I want to do) ...but also see this: https://stackoverflow.com/questions/61888404/how-do-i-install-a-certificate-to-trusted-root-certificates-using-python * however I cannot read the PFX correctly (presumably due to the encrypted nature of the certificate with key). * I DO have the base64 PEM crt and key files if that helps me in this process * the CertStore code from this post looks like what I need to get to the CertStore, however The certificates I'm trying to work with are typically for webserver renewals. If anyone has knowledge and is willing to share, I'd appreciate it! Please and Thank you, Steven ___ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32 ___ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32
[python-win32] Import Certificate with Private Key to Current Computer Certificate store
Howdy, I am finishing up some work on requesting certificates from an internal Microsoft CA, and then importing the certs to the local windows certificate store, butd was having difficulty determining what function to use to import a Certificate with Private Key (P12/PFX) to a the computer's Certificate store. I've got everything else handled up to this point (I think), but now I am stuck. I see two possible functions for likely adding the certificate to the store: http://timgolden.me.uk/pywin32-docs/win32crypt__CertAddSerializedElementToStore_meth.html * likely the way to go, but I don't see in the documentation how to take my Cert with Key and convert it to the necessary structure http://timgolden.me.uk/pywin32-docs/win32crypt__PFXImportCertStore_meth.html * this one I'm not so sure about (not likely what I want to do) ...but also see this: https://stackoverflow.com/questions/61888404/how-do-i-install-a-certificate-to-trusted-root-certificates-using-python * however I cannot read the PFX correctly (presumably due to the encrypted nature of the certificate with key). * I DO have the base64 PEM crt and key files if that helps me in this process * the CertStore code from this post looks like what I need to get to the CertStore, however The certificates I'm trying to work with are typically for webserver renewals. If anyone has knowledge and is willing to share, I'd appreciate it! Please and Thank you, Steven ___ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32