To add a certificate to the Trusted Root Certification Authorities in LocalMachine from the command-line, you must:
1. Download the codesigningx86.exe package from the Microsoft Download Center.
2. Right-click codesigningx86.exe and extract the files.
3. Copy the CertMgr.exe program to a location in your path.
Once CertMgr.exe is available:
1. Open CMD.EXE window.
2. Type the following command and press Enter:
certmgr.exe -add -c "<cert-file>" -s -r localMachine root
Where <cert-file> is the fully qualified path to the certificate file.
When you type CertMgr.exe /?, you see:
\[-s \[-r <location>\]\[DestinationStoreName\]
-add Add certificates/CRLs/CTLs to a storeFile or a system store
-del Delete certificates/CRLs/CTLs from a storeFile or
a system store
-put Put an encoded certificate/CRL/CTL from a storeFile or
a system store to a file. The file will be saved in X.509
format. -7 can be used to save the file in PKCS#7 format
-s Indicate the store is a system store
-r <location> The system store location
<currentuser> Default to 'currentUser'
-c Certificates in the store
-crl Certificates revocation lists(CRLs) in the store
-ctl Certificates trust lists(CTLs) in the store
-v Verbose display of the certificates/CRLs/CTLs
-all All certificates/CRLs/CTLs in the store
-n <name> Common name of the certificate
-sha1 <thumbprint> The sha1 hash of the certificate/CRLs/CTLs
-7 Save the destination store in PKCS# 7 format
-e <encode> Certificate/CRL/CTL encoding type.
Default to X509_ASN_ENCODING
-f <flag> CertStore open flags. Meaningful only if -y is set
-y <provider> CertStore provider name</provider></flag></encode></thumbprint></name></currentuser></location></location></location>