Importing PFX Certificates into Internet Explorer

This utility will import PKCS12 (.pfx) certificates into Internet Explorer, and will overwrite any existing certificate from the same issuer. This utility can be used standalone, but is also part of the batch file to obtain a valid Fermilab KCA certificate.

You may freely download IMPORTPFX.

IMPORTPFX v1.0 Joe Klemencic 2002

Usage: importpfx.exe -f <filename.p12> -p <export passwd> -t USER|MACHINE -s <certstore> [-r "Subject OU to remove" | -all]

This utility will import a PKCS12 certificate file (with a .p12 or .pfx extension) into the certificate store specified by the -s parameter.
The default behavior is to overwrite like certificates (if available). The -r "Subject OU" will remove all certificates matching the Subject CN
in from the CN in the PKCS12 file and the Subject OU set to the -r parameter.

PARAMETERS:
-f = PKCS12 filename
-p = Password to secure the private key with
-t = Store type (USER or MACHINE)
-s = The certificate store to import into (MY is a common param)

-r "Subject OU Text" = Delete all user certificates in which the Subject OU matches the -r "Subject OU Text" and the Subject CN matches the PKCS12 Subject CN
-r -all = Delete ALL user certificates in the <certstore>


Examples:
Import a PKCS12 file into the MY store, overwriting if allowed:
importpfs.exe -f x509.p12 -p "password" -t USER -s MY

Import a PKCS12 file into the local machine Testing store and delete any stored certificates with a Subject containing OU="Self-Signed CA":
importpfx.exe -f x509.p12 -p "" -t MACHINE -s Testing -r "Self-Signed CA"

Delete ALL certificates in the USER MY store:
importpfx.exe -t USER -s MY -r -all