Installation of Multiple Certificates via PowerShell

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Special Thanks to   


The script will install Certificates in trusted root on the local device automatically. This is to avoid the installation of SSL CA manually.

Kindly see below for reference for installing SSL CA:

Click to download.


  • Certificate must be in the following format: .crt .cer and .pem
  • The certificate directory must be the same as the script
  • Set Script Policy to RemoteSigned
  • PowerShell must be run in Administrator.

Set Script Policy to RemoteSigned

Doing this keeps the system safe by preventing unauthorized scripts from running

How to Set PowerShell Execution Policy to RemoteSigned

1. Via Setting App

Windows 11: Settings App > Privacy & Security > For developer
Windows 10: Settings App > Updated & Security > For developer

Change execution policy to allow local PowerShell script to run without signing. Require signing for remote scripts “under the PowerShell section.” Then click Apply

2. PowerShell

2.1 Launch PowerShell in elevated mode

2.2 Enter the following commands “Set-ExecutionPolicy RemoteSigned” as seen below.

For Reference:

Running the Script

1. Extract the to desired location/directory and add the Certificates.
2. Run PowerShell in elevated mode.
Click the Start/Window button then type PowerShell, then Right click the PowerShell Icon and select Run as Administrator

3. Go to the Directory where the Script and Certificates are saved by doing the following command
cd < Path where the script is saved>

To verify you can use the command “dir”

     4. To run the script. Kindly type .\Cert.ps1 then Press Enter

*If you encounter the following issue below.

*Running script is disabled on your system and needs to be enabled by your system/network administrator

Verifying if the script was installed

Go to Run from the Start menu then enter “certlm.msc “ and verify if the Certificate was installed

Script Configuration

Set-Location $PSScriptRoot
dir -Path ".\" -filter *.crt | Import-Certificate -CertStoreLocation cert:\localmachine\root
dir -Path ".\" -filter *.cer | Import-Certificate -CertStoreLocation cert:\localmachine\root
dir -Path ".\" -filter *.pem | Import-Certificate -CertStoreLocation cert:\localmachine\root

Updated Disclaimer
[edited by: Erick Jan at 4:51 PM (GMT -7) on 28 Apr 2023]