+5 votes
1.5k views
Where digital certificates are stored in Windows 10

in Windows 10 by (551k points)
reopened | 1.5k views

1 Answer

+3 votes
Best answer

1. View digital certificates from the MMC (Microsoft Management Console) in Windows 10
2. View digital certificates from CMD or Windows PowerShell in Windows 10
3. View digital certificates from Registry Editor in Windows 10

Microsoft has integrated into Windows 10 various security mechanisms that allow validating the authenticity or reliability of a component and one of these mechanisms is the use of digital certificates, perhaps many have heard of these certificates, but we do not know for sure that it is about..

What is a digital certificate in Windows 10
A digital certificate has been created as a credential thanks to which a means is provided to verify the identity of the sender. This is achieved because the certificate is composed of a set of data where a full identification of an organism is given. This can be achieved either by assigning a certificate to a particular user or to an entity where the public key is linked to a person, so a reliable organization will issue the certificate.

This is known as the certification authority (CA) and a reliable CA will only issue a certificate once the identity verification tests of the entity itself have been passed. In Windows 10, we have a certificate store which is in turn composed of keys hosted in the system registry and each of these keys identifies multiple files.

Windows 10 allows us to have full control of these certificates using the MSC (Microsoft Management Console) where we can carry out different tasks on these certificates, TechnoWikis will explain to you where the digital certificates are hosted in Windows 10..


1. View digital certificates from the MMC (Microsoft Management Console) in Windows 10

Step 1

This is the first step we will see, for this we will combine the following keys and execute the “mmc” command:

+ R

image

Step 2

Press Enter or Accept and after accepting the UAC permissions, we will go to the “File” menu and there we select “Add or remove complement” or we can use the following keys:

+ M Ctrl + M

image
Step 3

In the new window that appears, select the "Certificates" option and click on the "Add" button:

image

Step 4

The following window will be displayed:

image

Step 5

There we must select some of the possibilities that are:
  • My user account: Manage the digital certificates of the current user account.
  • Service account: manages the certificates of Windows 10 own services.
  • Computer account: Manage digital certificates throughout the Windows 10 environment.
Step 6

Once we select the appropriate option we click on Finish and we will see the following:

image

Step 7

We click on Accept to complete the process and after that we can access the different certificates based on the selected criteria: image

2. View digital certificates from CMD or Windows PowerShell in Windows 10


We can use one of the management consoles in Windows 10 (PowerShell or command prompt) to display the digital certificates in Windows 10, for this we will use the “certutil” command.

This “certutil” command is integrated as part of Certificate Services and allows us to:

  • Dump and display certification authority (CA) configuration information
  • Allows you to configure Certificate Services
  • We can backup and restore CA components
  • You have the option to verify certificates, key pairs and certificate chains
Step 1

From the command prompt we can execute the following. There we access a complete summary of the digital certificates of Windows 10.
 certutil -user -store My 
image
Step 2

In the case of PowerShell we must execute the following:
 dir Cert: \ CurrentUser \ My 
image

3. View digital certificates from Registry Editor in Windows 10


Finally, we can access the Windows 10 registry editor to see the different digital certificates available.
Step 1

For this we use the following keys and execute the following command:

+ R

 regedit 

image

Step 2

To see the certificates at the user level we will go to the next route. This key hosts the certificate settings for the current user.
 HKEY_CURRENT_USER \ Software \ Microsoft \ SystemCertificates \ CA \ Certificates 
image
Step 3

To see the user certificates of a GPO (Group Policy) we will go to the following route:
 HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ SystemCertificates 
image
Step 4

To see the certificates of a particular user we must use the following syntax:
 HKEY_USERS \ SID-User \ Software \ Microsoft \ SystemCertificates 
image
Step 5

At the team level, if we want to see the certificates for all users of the team we will go to the following route:
 HKEY_LOCAL_MACHINE \ Software \ Microsoft \ SystemCertificates 
image
Step 6

To see the equipment certificates associated with a GPO we will go to the following route:
 HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ SystemCertificates 
image
Step 7

In terms of service, in the following route we find the certificates of all system services:
 HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Cryptography \ Services \ ServiceName \ SystemCertificates 
image
Step 8

If we use Active Directory, in the following route we visualize the certificates issued by the Active Directory:
 HKEY_LOCAL_MACHINE \ Software \ Microsoft \ EnterpriseCertificates 
image
Step 9

Now we will see where the certificates are stored at the level of folders and files, in Windows 10 the folders for security are hidden and the public and private keys are housed in different locations, the user certificates are found in the following routes:
 % APPDATA% \ Microsoft \ SystemCertificates \ My \ Certificates % USERPROFILE% \ AppData \ Roaming \ Microsoft \ Crypto \ RSA \ SID % USERPROFILE% \ AppData \ Roaming \ Microsoft \ Credentials % USERPROFILE% \ AppData \ Roaming \ Microsoft \ Protect \ SID 
image
Step 10

Equipment certificates are available in the following route:
 C: \ ProgramData \ Microsoft \ Crypto \ RSA \ MachineKeys 
image

With any of these simple options we will be able to access digital certificates in Windows 10.


by (3.5m points)
edited

Related questions

+5 votes
1 answer
+5 votes
1 answer
asked Jul 5, 2023 in Internet by backtothefuture (551k points) | 53 views
+5 votes
1 answer
+5 votes
1 answer
asked Jun 22, 2019 in Android by backtothefuture (551k points) | 440 views
+3 votes
1 answer
asked Jun 4, 2019 in Android by backtothefuture (551k points) | 4.2k views
Sponsored articles cost $40 per post. You can contact us via Feedback
10,643 questions
10,775 answers
510 comments
3 users