To add a certificate to the Trusted Root Certification Authorities in LocalMachine from the command-line, you must:
1. Download the codesigningx86.exe package from the Microsoft Download Center.
2. Right-click codesigningx86.exe and extract the files.
3. Copy the CertMgr.exe program to a location in your path.
Once CertMgr.exe is available:
1. Open CMD.EXE window.
2. Type the following command and press Enter:
certmgr.exe -add -c "<cert-file>" -s -r localMachine root
Where <cert-file> is the fully qualified path to the certificate file.
When you type CertMgr.exe /?, you see:
Usage: CertMgr \[options\]\[-s \[-r
\]\[SourceStoreName\] \[-s \[-r \]\[DestinationStoreName\] Options: -add Add certificates/CRLs/CTLs to a storeFile or a system store -del Delete certificates/CRLs/CTLs from a storeFile or a system store -put Put an encoded certificate/CRL/CTL from a storeFile or a system store to a file. The file will be saved in X.509 format. -7 can be used to save the file in PKCS#7 format -s Indicate the store is a system store -r The system store location Default to 'currentUser' -c Certificates in the store -crl Certificates revocation lists(CRLs) in the store -ctl Certificates trust lists(CTLs) in the store -v Verbose display of the certificates/CRLs/CTLs -all All certificates/CRLs/CTLs in the store -n Common name of the certificate -sha1 The sha1 hash of the certificate/CRLs/CTLs -7 Save the destination store in PKCS# 7 format -e Certificate/CRL/CTL encoding type. Default to X509_ASN_ENCODING -f CertStore open flags. Meaningful only if -y is set -y CertStore provider name