How to install root certificate on NanoServer

Question

There are some guides showing how to do this, but they are from a while ago and I can't seem to find the utility certoc.exe they are referring to. Has this been removed from the later versions of nanoserver?

https://joshuachini.com/2018/02/08/how-to-import-an-enterprise-certificate-into-a-windows-container/

https://www.ntweekly.com/2017/01/30/install-self-signed-certificate-on-windows-nano-server-2016/

https://blogs.technet.microsoft.com/nanoserver/2015/11/19/hands-on-packaging-and-installing-your-first-windows-server-apps-on-nano-server/

Anyone got any ideas on where I am meant to get this utility?

I found another little clue here https://github.com/PowerShell/CertificateDsc/issues/45

That kind of eludes to the Import-Certificate command being available in nano server. Although I am failing to find that either.

Any help would be appricated, cheers.

PS C:\> docker run microsoft/nanoserver:1803_KB4338819 certoc.exe
C:\Program Files\Docker\Docker\Resources\bin\docker.exe: Error response from daemon: container 3f732602c6d8fbbf9370613971a7f40993a54bc33870d3040bf5e9c2fec8969c encountered an error during CreateProcess: failure in a Windows system call: The system cannot find the file specified. (0x2) extra info: {"CommandLine":"certoc.exe","User":"ContainerUser","WorkingDirectory":"C:\\","CreateStdInPipe":true,"CreateStdOutPipe":true,"CreateStdErrPipe":true,"ConsoleSize":[0,0]}.

PS C:\> docker run -it microsoft/powershell:6.0.4-nanoserver-1803_kb4338819 certoc.exe
C:\Program Files\Docker\Docker\Resources\bin\docker.exe: Error response from daemon: container 285d821dccac930df5681e73842f8ce2bac812f361a6b9d14b00dcb4901a9141 encountered an error during CreateProcess: failure in a Windows system call: The system cannot find the file specified. (0x2) extra info: {"CommandLine":"certoc.exe","User":"ContainerUser","WorkingDirectory":"C:\\","Environment":{"PSCORE":"C:\\Program Files\\PowerShell\\pwsh.exe","ProgramFiles":"C:\\Program Files"},"EmulateConsole":true,"CreateStdInPipe":true,"CreateStdOutPipe":true,"ConsoleSize":[42,249]}.

PS C:\> docker run microsoft/powershell:6.0.4-nanoserver-1803_kb4338819 pwsh -Command "Get-Help Import-Certificate"
Get-Help : Get-Help could not find Import-Certificate in a help file in this session. To download updated help topics type: "Update-Help". To get help online, search for the help topic in the TechNet library at https://go.microsoft.com/fwlink/?LinkID=107116.

Answer 1

certoc.exe has been removed from both 1709 and 1803, for some reason. If you want to get it on your image, you can fetch it from microsoft/nanoserver:sac2016

FROM microsoft/nanoserver:sac2016 as tool

FROM microsoft/dotnet:2.1-runtime-nanoserver-1709

COPY --from=tool /Windows/System32/certoc.exe .