However, by this way, the web host that holds the CA certificate will not be trusted any more and this can be very frustrating if you use HTTPS to access the web host.
There is only one way to suppress the warning dialog, that is "you don't add the CA certificate into the "Trusted Root Certification Authorities" store by doing so: certutil -f -user -p PASSWORD -importpfx c:\cert.pfx NoRootĪdd personal certificate into "Personal" store will not prompt any warning dialog. It is the second action that cause the UAC to prompt a warning dialog, since you are trying to add one CA certificate into the "Trusted Root Certification Authorities" store and this means that any web host that holds this certicate will be trusted in the future, this is a very important action and should be treated very discreetly by the user, shouldn't it? So the UAC will warn the user to comfirm this action. from a PFX file), you are given the option to mark the key as exportable.
Select Certificates and then "My User account" or "Current User". Select "Add Remove Snap-in" from the File menu. To self-enroll a smart card certificate for yourself, ensure you are logged in as the correct user and run MMC.exe.
In addition the PC on which you are enrolling has to be joined to the Domain from which the certificate is issued.
Note: This article assumes you have set up the Windows Certification Authority with the correct Smart Card certificate templates (see articles on Setting up a Smart Card for Self-Enrollment for the Windows Server version being used).