Import certificates into Windows Certificate Store and associate them with the private keys

the following section imports the ca and leaf certificates created on the {{vectera}} in the previous section into the windows certificate store then, you can use the certutil command line utility to associate the certificates with their corresponding private keys stored on the hsm import the certificates perform the following steps to import the certificates by using microsoft management console (mmc) and the certificates snap in open microsoft management console by pressing windows+r to open run , and enter mmc in the empty text box select \[ ok ] at the top of the mmc window, select file > add/remove snap in in the add or remove snap ins window, select certificates and select \[ add ] select the computer account radio button and select \[ next ] select local computer (selected by default) and select \[ finish ] back in the add or remove snap ins window, select \[ ok ] in the mmc main console , expand the certificate snap in go to the personal > certificates pane right click within the certificates panel and select all tasks > import to start the certificate import wizard select local machine as the store location select \[ next ] to continue click browse , find and select the leaf certificate file ( igdemo pem ), and select \[ next ] leave the default option selected to place all certificates in the personal certificate store and select \[ next ] review the summary of the selected options and select \[ finish ] a notification window should pop up stating that the import was successful go to the trusted root certificate authorities > certificates pane right click within the certificates panel and select all tasks > import to start the certificate import wizard select local machine as the store location select \[ next ] to continue select \[ browse ] , find and select the ca certificate file ( ca pem ), and select \[ next ] leave the default option selected to place all certificates in the trusted root certificate authorities certificate store and select \[ next ] review the summary of the selected options and select \[ finish ] associate the certificates perform the following steps to associate the certificates with their corresponding private keys stored on the hsm by using certutil note the serial numbers of both the ca certificate and the leaf certificate for use in the following certutil commands to do so, perform the following steps double click on each certificate go to the details tab note the listed serial number value open windows powershell or command prompt as an administrator run the following command to associate the leaf certificate with its corresponding private key stored on the hsm, substituting serial number with the actual certificate serial number value the my element represents the personal certificate store certutil repairstore csp "futurex cng" my "serial number" run the following command to associate the ca certificate with its corresponding private key stored on the hsm the root element represents the trusted root certification authorities certificate store certutil repairstore csp "futurex cng" root "serial number" for further confirmation that both certificates are now associated with their corresponding private keys on the hsm, double click each of the certificates in the mmc certificates snap in if it works, you should now see a message stating that you have a private key that corresponds to this certificate