The Microsoft CertMgr.exe tool is included in few SDKs like the Windows SDK, Drivers SDK, and with Visual Studios. As of this writing it is a standalone executable and can simply be copied to other computers with requiring installation or other support files.
Usage: CertMgr [options][-s [-r <location>][SourceStoreName]
[-s [-r <location>][DestinationStoreName]
-add Add certificates/CRLs/CTLs to a storeFile or a system store
-del Delete certificates/CRLs/CTLs from a storeFile or
a system store
-put Put an encoded certificate/CRL/CTL from a storeFile or
a system store to a file. The file will be saved in X.509
format. -7 can be used to save the file in PKCS #7 format
-s Indicate the store is a system store
-r <location> The system store location
<currentUser|localMachine> Default to ‘currentUser’
-c Certificates in the store
-crl Certificates revocation lists(CRLs) in the store
-ctl Certificates trust lists(CTLs) in the store
-v Verbose display of the certificates/CRLs/CTLs
-all All certificates/CRLs/CTLs in the store
-n <name> Common name of the certificate
-sha1 <thumbPrint> The sha1 hash of the certificate/CRLs/CTLs
-7 Save the destination store in PKCS #7 format
-e <encode> Certificate/CRL/CTL encoding type.
Default to X509_ASN_ENCODING
-f <flag> CertStore open flags. Meaningful only if -y is set
-y <provider> CertStore provider name
Note the “-s” and “-r” options. The “-r” allows you to override the default currentUser and specify instead localMachine.
Once you’ve chosen User or Machine the “-s” points to which system certificate store you want to access.
HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates AuthRoot CA Disallowed MY Root Trust TrustedPeople TrustedPublisher UserDS HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates AuthRoot CA Disallowed MY Root Trust TrustedDevices TrustedPeople TrustedPublisher UserDS
C:\temp\>certmgr -s -r localMachine MY
C:\temp\>certmgr -s -r localMachine Root
C:\temp\>certmgr -s MY
See this site for more details: http://certificate.fyicenter.com/680_Tutorial_Windows__certmgr.exe_Certificate_Management_Comman.html