To add a certificate to the Trusted Root Certification Authorities in LocalMachine from the command-line, you must:

1. Download the codesigningx86.exe package from the Microsoft Download Center.

2. Right-click codesigningx86.exe and extract the files.

3. Copy the CertMgr.exe program to a location in your path.

Once CertMgr.exe is available:

1. Open CMD.EXE window.

2. Type the following command and press Enter:

certmgr.exe -add -c "<cert-file>" -s -r localMachine root

Where <cert-file> is the fully qualified path to the certificate file.

When you type CertMgr.exe /?, you see:

                              Usage: CertMgr \[options\]\[-s \[-r \]\[SourceStoreName\]                                                      \[-s \[-r \]\[DestinationStoreName\]                              Options:                               -add               Add certificates/CRLs/CTLs to a storeFile or a system store                               -del               Delete certificates/CRLs/CTLs from a storeFile or                                                  a system store                               -put               Put an encoded certificate/CRL/CTL from a storeFile or                                                  a system store to a file.  The file will be saved in X.509                                                  format. -7 can be used to save the file in PKCS#7 format                               -s                 Indicate the store is a system store                               -r       The system store location                                                       Default to 'currentUser'                               -c                 Certificates in the store                               -crl               Certificates revocation lists(CRLs) in the store                               -ctl               Certificates trust lists(CTLs) in the store                               -v                 Verbose display of the certificates/CRLs/CTLs                               -all               All certificates/CRLs/CTLs in the store                               -n           Common name of the certificate                               -sha1  The sha1 hash of the certificate/CRLs/CTLs                               -7                 Save the destination store in PKCS# 7 format                               -e         Certificate/CRL/CTL encoding type.                                                  Default to X509_ASN_ENCODING                               -f           CertStore open flags.  Meaningful only if -y is set                               -y       CertStore provider name