How to manually update root certificates

  • KM03573386
  • 20-Dec-2019
  • 20-Dec-2019


How to manually update root certificates on windows for machines which do not have internet access


It may be necessary to manually update root certificates on a Windows machine where the ALM Client certificates still won't allow the client installation


On a machine with internet access...


  1. Open a cmd prompt as admin
  2. Navigate to a folder somewhere, i.e C:\Temp
  3. Type: CertUtil –generateSSTFromWU Rootstore.sst
  4. Current root certificates updates will download and write to the file "Rootstore.sst"
  5. Copy the .sst file from the path in Step 2 to the machine(s) which does not have internet access

On the machine without internet access...


  1. Click Start>Run. Alternatively click windows keyboard button + R
  2. Type: certmgr.msc - this opens the certificate manager
  3. Right click on the item "Trusted Root Certification Authorities
  4. Select All Tasks>Import
  5. Click Next
  6. Click "Browse", change the file type in the lower right selection drop-down to "All Files"
  7. Navigate to the location .sst file obtained from the previous set of steps and select the file
  8. Click Next
  9. Specify the radio item "Place all certificates in the following store. "Trusted Root Certification Authorities" should be specified
  10. Click Next, Click Finish - Note: It is necessary to click "Yes" very many times, each for every certificate which resides in the .sst file.
  11. Repeat steps 1-10 except specify the "Trusted Publishers" container for Steps 3 and 9