Import TLS certificates into Windows Certificate Store

perform the following tasks to import the tls certificates import the certificates perform the following steps to import the certificates by using microsoft management console (mmc) and the certificates snap in open microsoft management console by pressing windows+r to open run , then type "mmc" in the empty box and select \[ ok ] at the top of the mmc window, select file > add/remove snap in in the add or remove snap ins window, select certificates and select \[ add ] select the computer account radio button and select \[ next ] select local computer (selected by default) and select \[ finish ] back in the add or remove snap ins window, select \[ ok ] in the mmc main console, expand the certificate snap in go to the personal > certificates pane right click within the certificates panel and select all tasks > import to start the certificate import wizard select local machine as the store location select \[ next ] to continue select \[ browse ] , find and select the leaf certificate file (such as igdemo pem ), and select \[ next ] leave the default option selected to place all certificates in the personal certificate store, and select \[ next ] review the summary of the selected options, and select \[ finish ] a notification window states that the import was successful go to the trusted root certificate authorities > certificates pane right click within the certificates panel and select all tasks > import to start the certificate import wizard local machine should be selected as the store location select \[ next ] to continue select \[ browse ] , find and select the ca certificate file ( ca pem ), then select \[ next ] leave the default option selected to place all certificates in the trusted root certificate authorities certificate store, and select \[ next ] review the summary of the selected options, and select \[ finish ] associate the certificates perform the following steps to associate the certificates with their corresponding private keys stored on the hsm by using certutil note the serial numbers of both the ca certificate and the leaf certificate for use in the following certutil commands to do so, double click on each certificate, go to the details tab, and note down the listed serial number value open windows powershell or command prompt as an administrator run the following command to associate the leaf certificate with its corresponding private key stored on the hsm be sure to substitute "serial number" with the actual certificate serial number value my represents the personal certificate store $ certutil repairstore csp "futurex cng" my "serial number" run the following command to associate the ca certificate with its corresponding private key stored on the {{ch}} root represents the trusted root certification authorities certificate store $ certutil repairstore csp "futurex cng" root "serial number" for further confirmation that both certificates are now associated with their corresponding private keys on the {{ch}} , double click each certificate in the mmc certificates snap in, and you should see a message saying you have a private key that corresponds to this certificate