When trying to import a certificate into the User trusted root certificate store we get the error:
"The import failed because the store was read-only, the store was full, or the store did not open correctly" (CertMgr error)
This appears to work for only one person in the organisation, who is a global admin, and does not work for anyone else in the organisation (including GAs). This did work prior to migrating from traditional on-prem AD to AzureAD.
We have also tried to drag and drop the certificate into CertMgr rather than simply importing and that did not work either, see error here
Other steps that we have tried are elevating the user to GA and to local admin, neither of which worked.
Running Windows 10, and AzureAD.
Best Answer
This is because of an applied GPO which prevents this. It is configured under
Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Certificate Path Validation Settings
as shown below. When the selected checkbox is unchecked, the Trusted Root CAs store becomes read-only and is not used by the certificate chaining engine to build the chain.
If you are an administrator in your company, then you need to review the policy set (use rsop.msc or gpmc.msc) and identify which policy configures this setting. Update the policy as you need.
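A read-only check for the policy described in the answer above, as an added example that is not part of the original answer. The registry path, value name and flag names are the ones defined in the Windows SDK header wincrypt.h; that the unchecked checkbox corresponds to bit 0x1 is an assumption to confirm against rsop.msc, and `Get-ProtectedRootsPolicy` is a hypothetical helper name.

```powershell
# Added diagnostic example (not from the original answer). Reads only, changes nothing.
# Policy location per wincrypt.h (CERT_PROT_ROOT_FLAGS_REGPATH, value "Flags").
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots'

# CERT_PROT_ROOT_* bit flags as named in wincrypt.h
$FlagNames = @{
    0x01 = 'CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG'
    0x02 = 'CERT_PROT_ROOT_INHIBIT_ADD_AT_INIT_FLAG'
    0x04 = 'CERT_PROT_ROOT_INHIBIT_PURGE_LM_FLAG'
    0x08 = 'CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG'
    0x10 = 'CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG'
    0x20 = 'CERT_PROT_ROOT_DISABLE_NOT_DEFINED_NAME_CONSTRAINT_FLAG'
}

function Get-ProtectedRootsPolicy {
    param([string]$Path = $PolicyPath)

    # The value is absent when no policy configures these settings
    $item = Get-ItemProperty -Path $Path -Name Flags -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{
            Configured = $false; Flags = '0x0'; FlagsSet = @(); UserRootsDisabled = $false
        }
    }

    $flags = [int]$item.Flags
    $set = foreach ($bit in ($FlagNames.Keys | Sort-Object)) {
        if ($flags -band $bit) { $FlagNames[$bit] }
    }

    [pscustomobject]@{
        Configured        = $true
        Flags             = '0x{0:X}' -f $flags
        FlagsSet          = @($set)
        # Assumption: this bit is what the unchecked checkbox sets
        UserRootsDisabled = [bool]($flags -band 0x01)
    }
}

$result = Get-ProtectedRootsPolicy
$result | Format-List

if ($result.UserRootsDisabled) {
    Write-Warning 'Policy disables the current-user Trusted Root store, matching the read-only behaviour described above.'
    Write-Output  'Use rsop.msc or gpmc.msc to find which policy sets it.'
}
```

Because the value lives under HKLM\SOFTWARE\Policies, the check works the same whether the setting arrived through a domain GPO or another management channel; it only tells you the setting is present, not which policy delivered it.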