From 4c701ffecbc1c9c5614e4a33b121898ce98ef47f Mon Sep 17 00:00:00 2001 From: Markus Michalski <38650546+MarkusMichalski@users.noreply.github.com> Date: Fri, 30 Jan 2026 11:40:15 +0100 Subject: [PATCH 1/2] Modify certutil commands for certificate installation Updated certutil commands to include the '-f' flag for adding certificates to the store. The flag was present in the previous edit, but at the wrong position causing an error. Added instructions for creating a batch file to install a specific code signing certificate. --- ssms/install/install-certificates.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ssms/install/install-certificates.md b/ssms/install/install-certificates.md index 44c4bd8a..6b12a150 100644 --- a/ssms/install/install-certificates.md +++ b/ssms/install/install-certificates.md @@ -49,11 +49,11 @@ If you're scripting the deployment of SSMS in an offline environment to client w Alternatively, create a batch file that uses certutil.exe, which ships with Windows, with the following commands: ```console - certutil.exe -addstore -f "Root" "[layout path]\certificates\manifestRootCertificate.cer" + certutil.exe -f -addstore "Root" "[layout path]\certificates\manifestRootCertificate.cer" - certutil.exe -addstore -f "Root" "[layout path]\certificates\manifestCounterSignRootCertificate.cer" + certutil.exe -f -addstore "Root" "[layout path]\certificates\manifestCounterSignRootCertificate.cer" - certutil.exe -addstore -f "Root" "[layout path]\certificates\vs_installer_opc.RootCertificate.cer" + certutil.exe -f -addstore "Root" "[layout path]\certificates\vs_installer_opc.RootCertificate.cer" ``` 1. Deploy the batch file to the client. This command should run from an elevated process. @@ -79,6 +79,12 @@ To ensure the installation completes successfully, follow these steps: 1. You see the prompt, **The import was successful**. 1. Install SSMS using the local layout. +Alternatively, create a batch file that uses certutil.exe, which ships with Windows, with the following commands: + +```console +certutil.exe -f -addstore "CA" "[layout path]\certificates\Microsoft Windows Code Signing PCA 2024.crt)" +``` + ## Maintain an offline machine For users maintaining offline machines, [obtain the required certificates](https://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Code%20Signing%20PCA%202024.crt) and deploy them manually. From c24a3632e82a6f0c9b15b19ceb0a890beca0e3bf Mon Sep 17 00:00:00 2001 From: Randolph West MSFT <97149825+rwestMSFT@users.noreply.github.com> Date: Tue, 21 Apr 2026 10:40:33 -0600 Subject: [PATCH 2/2] Update ssms/install/install-certificates.md --- ssms/install/install-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssms/install/install-certificates.md b/ssms/install/install-certificates.md index 6b12a150..e1f26231 100644 --- a/ssms/install/install-certificates.md +++ b/ssms/install/install-certificates.md @@ -82,7 +82,7 @@ To ensure the installation completes successfully, follow these steps: Alternatively, create a batch file that uses certutil.exe, which ships with Windows, with the following commands: ```console -certutil.exe -f -addstore "CA" "[layout path]\certificates\Microsoft Windows Code Signing PCA 2024.crt)" +certutil.exe -f -addstore "CA" "[layout path]\certificates\Microsoft Windows Code Signing PCA 2024.crt" ``` ## Maintain an offline machine