One of the things the ADK had problems with was certutil.
So I made a function in PowerShell to import the certificate.
function ImportCert {
    # Progress UI. $steps, $PB, $ObjLabel, $ObjForm and $ScriptDir are defined elsewhere in the script.
    $CurrentStep = 2
    $ObjLabel.Text = "Importerar Certifikat"
    [Int]$Percentage = ($currentStep / $steps) * 100
    $PB.Value = $Percentage
    $ObjForm.Refresh()
    Start-Sleep -Milliseconds 150

    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $certPathPFX = "$ScriptDir\Cert.PFX"
    $certPathCA = "$ScriptDir\RootCA.cer"
    $Keyfile = "$ScriptDir\key.aes"
    $Import = "$ScriptDir\Import.txt"

    # Decrypt the stored PFX password into a SecureString using the AES key
    $Key = Get-Content $KeyFile
    $Imp = Get-Content $Import | ConvertTo-SecureString -Key $key
    $pfxPass = $Imp

    # Import the PFX into the LocalMachine\My store
    $pfx.import($certPathPFX, $pfxPass, "Exportable,PersistKeySet")
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
        [System.Security.Cryptography.X509Certificates.StoreName]::My,
        "localmachine"
    )
    $store.open("MaxAllowed")
    $store.add($pfx)
    $store.close()

    # Import the root CA certificate into the LocalMachine\Root store
    $pfx.import($certPathCA)
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
        [System.Security.Cryptography.X509Certificates.StoreName]::Root,
        "localmachine"
    )
    $store.open("MaxAllowed")
    $store.add($pfx)
    $store.close()
}
Creating an encrypted password file.
#Creates random AES-key
$KeyFile = ".\key.aes"
$Key = New-Object Byte[] 16
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key | out-file $KeyFile
#Creates the file with the encrypted password
#Where "PW" is the password for the certificate.
$PwFile = ".\import.txt"
$KeyFile = ".\key.aes"
$Key = Get-Content $KeyFile
$Password = "PW"| ConvertTo-SecureString -AsPlainText -Force
$Password | ConvertFrom-SecureString -key $Key | Out-File $PwFile
This creates these 2 files, which can be included in a package along with the certificate in question and a script that imports it.
Importing the certificate this way also prevents the password from being visible in the smsts log.
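A check to run before packaging, as an added example that is not part of the original post: it confirms that key.aes and import.txt together open Cert.PFX, using the same decryption step as ImportCert. Test-CertPackage is a hypothetical helper name, and the certificate, password and temp folder are constructed sample data.

```powershell
# Added example (not the post's code). File names follow the post.
function Test-CertPackage {
    param([Parameter(Mandatory)][string]$Dir)

    # Out-File wrote one byte value per line; read them back as bytes.
    [byte[]]$key = Get-Content (Join-Path $Dir 'key.aes')
    if ($key.Length -notin 16, 24, 32) {
        throw "key.aes holds $($key.Length) bytes; ConvertTo-SecureString -Key needs 16, 24 or 32"
    }

    # Same decryption step ImportCert performs during deployment.
    $secure  = Get-Content (Join-Path $Dir 'import.txt') | ConvertTo-SecureString -Key $key
    $pfxPath = Join-Path $Dir 'Cert.PFX'

    # Throws a CryptographicException if the password does not open the PFX.
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $pfxPath, $secure
    try {
        [pscustomobject]@{
            Subject       = $pfx.Subject
            Thumbprint    = $pfx.Thumbprint
            HasPrivateKey = $pfx.HasPrivateKey
            Expired       = $pfx.NotAfter -lt (Get-Date)
        }
    } finally { $pfx.Reset() }
}

# Constructed sample: throwaway self-signed certificate and password in a temp folder.
$dir = Join-Path $env:TEMP ("certpkg-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$pw  = 'Constructed-Sample-PW' | ConvertTo-SecureString -AsPlainText -Force
$tmp = New-SelfSignedCertificate -DnsName 'example.test' -CertStoreLocation Cert:\CurrentUser\My
Export-PfxCertificate -Cert $tmp -FilePath "$dir\Cert.PFX" -Password $pw | Out-Null
Remove-Item "Cert:\CurrentUser\My\$($tmp.Thumbprint)" -DeleteKey

# Build key.aes and import.txt the same way the post does.
$key = New-Object Byte[] 16
[Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($key)
$key | Out-File "$dir\key.aes"
$pw | ConvertFrom-SecureString -Key $key | Out-File "$dir\import.txt"

Test-CertPackage -Dir $dir       # HasPrivateKey should be True, Expired False
Remove-Item $dir -Recurse -Force
```

Because key.aes travels in the same package as import.txt, the pair keeps the password out of logs and command lines, while anyone who can read the package content can perform the same decryption. Read access to the package source should be limited accordingly.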