You should only import certificates obtained from trusted sources. Importing an unreliable certificate could compromise the security of any system component that uses the imported certificate.

You can import a certificate into any logical or physical store. In most cases, you will import certificates into the Personal store or the Trusted Root Certification Authorities store, depending on whether the certificate is intended for you or if it is a root certification authority (CA) certificate.

Users or local Administrators is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.

To import a certificate
  1. Open the Certificates snap-in for a user, computer, or service.

  2. In the console tree, click the logical store where you want to import the certificate.

  3. On the Action menu, point to All Tasks, and then click Import to start the Certificate Import Wizard.

  4. Type the file name containing the certificate to be imported. (You can also click Browse and navigate to the file.)

  5. If it is a PKCS #12 file, do the following:

    • Type the password used to encrypt the private key.

    • (Optional) If you want to be able to use strong private key protection, select the Enable strong private key protection check box.

    • (Optional) If you want to back up or transport your keys at a later time, select the Mark key as exportable check box.

  6. Do one of the following:

    • If the certificate should be automatically placed in a certificate store based on the type of certificate, click Automatically select the certificate store based on the type of certificate.

    • If you want to specify where the certificate is stored, select Place all certificates in the following store, click Browse, and choose the certificate store to use.

Additional considerations