Export a Certificate as a .REG

For the most part, installing certificates on Windows is no easy task for an end-user. A combination of mmc and trying to put the cert in the right store is a much, much longer process than is needed. This post should show you how to export a certificate from the Trusted Root Certification Authorities store as a .reg file that you can distribute to end-users. You could also use it as part of a batch file or VBScript to silently import the certificate.

Click Start | Run and enter mmc. Press OK.

Click File | Add/Remove Snap-In and press the Add button.

Choose Certificates and press Add.


Choose Computer Account and press Next.


Leave Local Computer selected and press Finish.

Press Close and OK.

Expand the Certificates\Trusted Root Certification Authorities folder and look for the [CA Name] certificate. It may be listed twice. Double-click to open the properties.


Click the Details tab. Scroll to the bottom and examine the Thumbprint. Take note of the first few characters.


Click Start | Run and enter regedit. Press OK.

Expand HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. Look for a key name starting with the same characters as the thumbprint. The certificate data is stored in the blob value.


Right-click the key name and choose Export.

Save the .reg file some place safe.


You can also use this method for some of the other certificate stores. The other useful store I use frequently is the Personal store. Just replace the ROOT in that registry path with MY to find the certificates there.

Threat Management Gateway

This evening I downloaded the Microsoft Stirling Threat Management Gateway (TMG) product, the newest iteration of ISA to try out. I fired up a spare VM I had lying around and ran the installer. Strangely enough, the "installer" dumped setup files in a folder for me. I had to go dig for them and launch another setup. Good start! After clicking the install link it chugs along for a few seconds and comes back with Installation Failed. No reason, no explanation, nothing. How handy! I poked around in the log files generated by setup but nothing stuck out. I updated the machine completely thinking it was a .NET 3.5 SP1 deal or something along those lines. No luck.

I guess when all else fails, look at the system requirements, right?


I was trying to install on an x86 Server 2003 VM. Oops.