CertUtil: ERROR_INVALID_ACL (0x80070538) exception when trying to install root certificate on Windows
I have a program that installs a certificate to Trusted Root (with user's consent). However, some of the users are unable to use my software due to an exception that occures whenever a command to add a certificate is executed. It happens both when using certutil and powershell.
Certutil
Command: -addstore -user -f root cert.pem
Output: -addstore команда НЕ ВЫПОЛНЕНА: 0x80070538 (WIN32: 1336 ERROR_INVALID_ACL)
Список управления доступом (ACL) имеет неверную структуру.
Roughly translates to The access control list structure is invalid.
PowerShell
Command: Import-Certificate -FilePath .cert.pem -CertStoreLocation Cert:CurrentUserRoot
Output: https://imgur.com/ZkHHEVx
Unfortunately there's not much about that error on the Internet so in case anyone has had experience with it I'd be greatful if you share.
windows powershell certificate exceptions certutil
asked Jan 9 at 17:54
alexalokalexalok
133
add a comment |
I have a program that installs a certificate to Trusted Root (with user's consent). However, some of the users are unable to use my software due to an exception that occures whenever a command to add a certificate is executed. It happens both when using certutil and powershell.
Certutil
Command: -addstore -user -f root cert.pem
Output: -addstore команда НЕ ВЫПОЛНЕНА: 0x80070538 (WIN32: 1336 ERROR_INVALID_ACL)
Список управления доступом (ACL) имеет неверную структуру.
Roughly translates to The access control list structure is invalid.
PowerShell
Command: Import-Certificate -FilePath .cert.pem -CertStoreLocation Cert:CurrentUserRoot
Output: https://imgur.com/ZkHHEVx
Unfortunately there's not much about that error on the Internet so in case anyone has had experience with it I'd be greatful if you share.
windows powershell certificate exceptions certutil
asked Jan 9 at 17:54
alexalokalexalok
133
Try this command :CERTUTIL -addstore -enterprise -f -v root "cert.pem"
– harrymc
Jan 9 at 18:16
@harrymc, sorry for the delay, I had to wait until one of the users with this problem got in contact with me. Executing this command indeed fixed the issue. Could you please explain why this is the case? Is it security-related (i.e. some antivirus software interfering)?
– alexalok
Jan 11 at 13:20
You were just using the wrong parameters, so I added an answer about that.
– harrymc
Jan 11 at 15:27
@harrymc actually,-userinstalls a certificate only to a current user's profile and-enterpriseinstalls it machine-wise. When installing a certificate machine-wise it is required to run certutil elevated, while the first option doesn't have this requirement. Nevertheless, thank you for your help!
– alexalok
Jan 11 at 15:50
add a comment |
I have a program that installs a certificate to Trusted Root (with user's consent). However, some of the users are unable to use my software due to an exception that occures whenever a command to add a certificate is executed. It happens both when using certutil and powershell.
Certutil
Command: -addstore -user -f root cert.pem
Output: -addstore команда НЕ ВЫПОЛНЕНА: 0x80070538 (WIN32: 1336 ERROR_INVALID_ACL)
Список управления доступом (ACL) имеет неверную структуру.
Roughly translates to The access control list structure is invalid.
PowerShell
Command: Import-Certificate -FilePath .cert.pem -CertStoreLocation Cert:CurrentUserRoot
Output: https://imgur.com/ZkHHEVx
Unfortunately there's not much about that error on the Internet so in case anyone has had experience with it I'd be greatful if you share.
windows powershell certificate exceptions certutil
asked Jan 9 at 17:54
alexalokalexalok
133
I have a program that installs a certificate to Trusted Root (with user's consent). However, some of the users are unable to use my software due to an exception that occures whenever a command to add a certificate is executed. It happens both when using certutil and powershell.
Certutil
Command: -addstore -user -f root cert.pem
Output: -addstore команда НЕ ВЫПОЛНЕНА: 0x80070538 (WIN32: 1336 ERROR_INVALID_ACL)
Список управления доступом (ACL) имеет неверную структуру.
Roughly translates to The access control list structure is invalid.
PowerShell
Command: Import-Certificate -FilePath .cert.pem -CertStoreLocation Cert:CurrentUserRoot
Output: https://imgur.com/ZkHHEVx
Unfortunately there's not much about that error on the Internet so in case anyone has had experience with it I'd be greatful if you share.
windows powershell certificate exceptions certutil
windows powershell certificate exceptions certutil
asked Jan 9 at 17:54
alexalokalexalok
133
asked Jan 9 at 17:54
alexalokalexalok
133
asked Jan 9 at 17:54
alexalokalexalok
133
asked Jan 9 at 17:54
alexalokalexalok
133
asked Jan 9 at 17:54
alexalokalexalok
133
133
Try this command :CERTUTIL -addstore -enterprise -f -v root "cert.pem"
– harrymc
Jan 9 at 18:16
@harrymc, sorry for the delay, I had to wait until one of the users with this problem got in contact with me. Executing this command indeed fixed the issue. Could you please explain why this is the case? Is it security-related (i.e. some antivirus software interfering)?
– alexalok
Jan 11 at 13:20
You were just using the wrong parameters, so I added an answer about that.
– harrymc
Jan 11 at 15:27
@harrymc actually,-userinstalls a certificate only to a current user's profile and-enterpriseinstalls it machine-wise. When installing a certificate machine-wise it is required to run certutil elevated, while the first option doesn't have this requirement. Nevertheless, thank you for your help!
– alexalok
Jan 11 at 15:50
add a comment |
Try this command :CERTUTIL -addstore -enterprise -f -v root "cert.pem"
– harrymc
Jan 9 at 18:16
@harrymc, sorry for the delay, I had to wait until one of the users with this problem got in contact with me. Executing this command indeed fixed the issue. Could you please explain why this is the case? Is it security-related (i.e. some antivirus software interfering)?
– alexalok
Jan 11 at 13:20
You were just using the wrong parameters, so I added an answer about that.
– harrymc
Jan 11 at 15:27
@harrymc actually,-userinstalls a certificate only to a current user's profile and-enterpriseinstalls it machine-wise. When installing a certificate machine-wise it is required to run certutil elevated, while the first option doesn't have this requirement. Nevertheless, thank you for your help!
– alexalok
Jan 11 at 15:50
Try this command :
CERTUTIL -addstore -enterprise -f -v root "cert.pem"– harrymc
Jan 9 at 18:16
Try this command :
CERTUTIL -addstore -enterprise -f -v root "cert.pem"– harrymc
Jan 9 at 18:16
@harrymc, sorry for the delay, I had to wait until one of the users with this problem got in contact with me. Executing this command indeed fixed the issue. Could you please explain why this is the case? Is it security-related (i.e. some antivirus software interfering)?
– alexalok
Jan 11 at 13:20
@harrymc, sorry for the delay, I had to wait until one of the users with this problem got in contact with me. Executing this command indeed fixed the issue. Could you please explain why this is the case? Is it security-related (i.e. some antivirus software interfering)?
– alexalok
Jan 11 at 13:20
You were just using the wrong parameters, so I added an answer about that.
– harrymc
Jan 11 at 15:27
You were just using the wrong parameters, so I added an answer about that.
– harrymc
Jan 11 at 15:27
@harrymc actually,
-user installs a certificate only to a current user's profile and -enterprise installs it machine-wise. When installing a certificate machine-wise it is required to run certutil elevated, while the first option doesn't have this requirement. Nevertheless, thank you for your help!– alexalok
Jan 11 at 15:50
@harrymc actually,
-user installs a certificate only to a current user's profile and -enterprise installs it machine-wise. When installing a certificate machine-wise it is required to run certutil elevated, while the first option doesn't have this requirement. Nevertheless, thank you for your help!– alexalok
Jan 11 at 15:50
add a comment |
1 Answer
1
active
oldest
votes
The correct parameters for the certutil command are:
CERTUTIL -addstore -enterprise -f -v root "cert.pem"
answered Jan 11 at 15:26
harrymcharrymc
259k14271573
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1392391%2fcertutil-error-invalid-acl-0x80070538-exception-when-trying-to-install-root-c%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The correct parameters for the certutil command are:
CERTUTIL -addstore -enterprise -f -v root "cert.pem"
answered Jan 11 at 15:26
harrymcharrymc
259k14271573
add a comment |
The correct parameters for the certutil command are:
CERTUTIL -addstore -enterprise -f -v root "cert.pem"
answered Jan 11 at 15:26
harrymcharrymc
259k14271573
add a comment |
The correct parameters for the certutil command are:
CERTUTIL -addstore -enterprise -f -v root "cert.pem"
answered Jan 11 at 15:26
harrymcharrymc
259k14271573
The correct parameters for the certutil command are:
CERTUTIL -addstore -enterprise -f -v root "cert.pem"
answered Jan 11 at 15:26
harrymcharrymc
259k14271573
answered Jan 11 at 15:26
harrymcharrymc
259k14271573
answered Jan 11 at 15:26
harrymcharrymc
259k14271573
answered Jan 11 at 15:26
harrymcharrymc
259k14271573
259k14271573
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1392391%2fcertutil-error-invalid-acl-0x80070538-exception-when-trying-to-install-root-c%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Try this command :
CERTUTIL -addstore -enterprise -f -v root "cert.pem"– harrymc
Jan 9 at 18:16
@harrymc, sorry for the delay, I had to wait until one of the users with this problem got in contact with me. Executing this command indeed fixed the issue. Could you please explain why this is the case? Is it security-related (i.e. some antivirus software interfering)?
– alexalok
Jan 11 at 13:20
You were just using the wrong parameters, so I added an answer about that.
– harrymc
Jan 11 at 15:27
@harrymc actually,
-userinstalls a certificate only to a current user's profile and-enterpriseinstalls it machine-wise. When installing a certificate machine-wise it is required to run certutil elevated, while the first option doesn't have this requirement. Nevertheless, thank you for your help!– alexalok
Jan 11 at 15:50