Microsoft has integrated various security mechanisms into Windows 10 that allow the authenticity or reliability of a component to be validated. One of these mechanisms is the use of digital certificates. Many of us have heard of these certificates, but we may not know for sure what they are.
What is a digital certificate in Windows 10
A digital certificate is a credential that provides a means of verifying the identity of the sender. This is possible because the certificate is composed of a set of data that fully identifies an entity. A certificate can be assigned either to a particular user or to an entity, with the public key linked to that person or entity, and a trusted organization issues the certificate.
This organization is known as the certification authority (CA), and a reliable CA will only issue a certificate once the entity has passed the identity verification checks. In Windows 10, we have a certificate store, which is in turn composed of keys hosted in the system registry, and each of these keys identifies multiple files.
Windows 10 gives us full control of these certificates through the MMC (Microsoft Management Console), where we can carry out different tasks on them. TechnoWikis will explain where the digital certificates are hosted in Windows 10.
1. View digital certificates from the MMC (Microsoft Management Console) in Windows 10
Step 1
For the first step, we press the following keys and run the "mmc" command:
Windows + R
Step 2
Press Enter or click OK and, after accepting the UAC prompt, go to the "File" menu and select "Add/Remove Snap-in", or use the following keys:
Ctrl + M
Step 3
In the new window that appears, select the "Certificates" option and click on the "Add" button:
Step 4
The following window will be displayed:
Step 5
There we must select one of the following options:
- My user account: manages the digital certificates of the current user account.
- Service account: manages the certificates of Windows 10's own services.
- Computer account: manages the digital certificates of the whole Windows 10 computer.
Step 6
Once we have selected the appropriate option, we click on Finish and we will see the following:
Step 7
We click on OK to complete the process, and after that we can access the different certificates based on the selected criteria:
2. View digital certificates from CMD or Windows PowerShell in Windows 10
We can use one of the consoles in Windows 10 (PowerShell or the command prompt) to display the digital certificates in Windows 10. For this we will use the "certutil" command.
The "certutil" command is integrated as part of Certificate Services and allows us to:
- Dump and display certification authority (CA) configuration information
- Configure Certificate Services
- Back up and restore CA components
- Verify certificates, key pairs and certificate chains
Step 1
From the command prompt we can execute the following. There we access a complete summary of the digital certificates of Windows 10.
certutil -user -store My
Step 2
In the case of PowerShell we must execute the following:
dir Cert:\CurrentUser\My
3. View digital certificates from Registry Editor in Windows 10
Finally, we can access the Windows 10 registry editor to see the different digital certificates available.
Step 1
For this we press the following keys and run the following command:
Windows + R
regedit
Step 2
To see the certificates at the user level, we go to the following path. This key hosts the certificate settings for the current user.
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
Step 3
To see the user certificates deployed by a GPO (Group Policy), we go to the following path:
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
Step 4
To see the certificates of a particular user, we must use the following syntax:
HKEY_USERS\SID-User\Software\Microsoft\SystemCertificates
Step 5
At the computer level, if we want to see the certificates for all users of the computer, we go to the following path:
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates
Step 6
To see the computer certificates associated with a GPO, we go to the following path:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
Step 7
For services, the following path holds the certificates of all system services:
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates
Step 8
If we use Active Directory, the following path shows the certificates issued by Active Directory:
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates
Step 9
Now we will see where the certificates are stored at the level of folders and files. In Windows 10 these folders are hidden for security, and the public and private keys are kept in different locations. The user certificates are found in the following paths:
%APPDATA%\Microsoft\SystemCertificates\My\Certificates
%USERPROFILE%\AppData\Roaming\Microsoft\Crypto\RSA\SID
%USERPROFILE%\AppData\Roaming\Microsoft\Credentials
%USERPROFILE%\AppData\Roaming\Microsoft\Protect\SID
Step 10
Computer certificates are available in the following path:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
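The registry locations from section 3 can be inventoried in one pass and matched against the Cert: drive used in section 2, which shows under which scope (user, computer, Group Policy or Active Directory) each certificate is registered. The script below is an added example, not part of the original article; the function name Get-RegistryCertificate and the scope labels are hypothetical, the per-service and per-SID keys are left out, and the script only reads.

```powershell
# Added example (read-only): list certificates registered under the registry
# locations named in this article and resolve them through the Cert: drive.
$locations = [ordered]@{
    'User'           = 'HKCU:\Software\Microsoft\SystemCertificates'
    'User (GPO)'     = 'HKCU:\Software\Policies\Microsoft\SystemCertificates'
    'Computer'       = 'HKLM:\Software\Microsoft\SystemCertificates'
    'Computer (GPO)' = 'HKLM:\Software\Policies\Microsoft\SystemCertificates'
    'Enterprise'     = 'HKLM:\Software\Microsoft\EnterpriseCertificates'
}

# Index every certificate the Cert: provider exposes by thumbprint (one pass).
$byThumb = @{}
Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    ForEach-Object { $byThumb[$_.Thumbprint] = $_ }

# Hypothetical helper name; walks <root>\<store>\Certificates\<thumbprint>.
function Get-RegistryCertificate {
    param([string]$Scope, [string]$Root)
    if (-not (Test-Path -LiteralPath $Root)) { return }
    foreach ($store in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        $certKey = "$($store.PSPath)\Certificates"
        if (-not (Test-Path -LiteralPath $certKey)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $certKey -ErrorAction SilentlyContinue) {
            $cert = $byThumb[$entry.PSChildName]   # subkey name = SHA-1 thumbprint
            [pscustomobject]@{
                Scope         = $Scope
                Store         = $store.PSChildName
                Thumbprint    = $entry.PSChildName
                Subject       = $cert.Subject
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
                Expired       = [bool]($cert -and $cert.NotAfter -lt (Get-Date))
            }
        }
    }
}

$inventory = foreach ($name in $locations.Keys) {
    Get-RegistryCertificate -Scope $name -Root $locations[$name]
}
$inventory | Sort-Object Scope, Store, Subject |
    Format-Table Scope, Store, Subject, NotAfter, HasPrivateKey, Expired, Thumbprint -AutoSize
```

Comparing the Scope column for the Root store shows whether a trusted root was installed for one account, for the whole computer, or by Group Policy.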
With any of these simple options we will be able to access digital certificates in Windows 10.