Installshield scripts, MSI packqages and NSIS do not support native digital certificate distribution.
That's why if we want to install a certificate to the windows certificates store and we don't want to rely on certmgr or certutil to do this for us, we are going to write the certificate directly into the registry.
Assume we have a root certificate. Import the certificate using mmc/certmgr to the "Trusted Root Certification Authorities" store.
Find the key in
HKLM\Software\Microsoft\SystemCertificates\ROOT\Certificates\[thumbprint]
The thumbprint is the SHA1 hash of the certificate. To see this value - open the root certificate and look for it in the certificate details tab.
There is only one value in this key besides the "Default" and it is "Blob".
Export the whole key and adjust the settings in your favourite installer.
Tags
windows