certmgr.msc - Types of Certificate Stores on Windows


What types of certificate stores do I have on my Windows system? What is "Personal" certificate store for?

✍: FYIcenter.com


If you start the "certmgr.msc" Management Console on your Windows system, you probably will see this list of certificate stores:

  • Personal - Contains certificates associated with private keys to which you have access. These are the certificates that have been issued to you, or to the computer or service for which you?re managing certificates. You can use your personal certificate to sign outgoing emails or log into Web sites.
  • Trusted Root Certification Authorities - Contains implicitly trusted CAs (Certificate Authorities). Includes all of the certificates in the Third-Party Root CAs store plus root certificates from your organization and Microsoft.
  • Enterprise Trust - Contains CTLs (Certificate Trust Lists). A certificate trust list provides a mechanism for trusting self-signed root certificates from other organizations and limiting the purposes for which these certificates are trusted.
  • Intermediate Certification Authorities - Certificates issued to subordinate CAs.
  • Active Directory User Object - Contains certificates associated with your user object and published in Active Directory.
  • Trusted Publishers - Certificates from CAs that are trusted by Software Restriction policies.
  • Untrusted Certificates - Contains certificates that have been revoked by the issuer.
  • Third-Party Root Certification Authorities - Contains trusted root certificates from CAs other than Microsoft and your organization.
  • Trusted People - Contains certificates issued to people or end entities that are explicitly trusted. Most often these are self-signed certificates or certificates explicitly trusted in an application such as Microsoft Outlook.
  • Other People - Contains certificates issued to people or end entities that are implicitly trusted. These certificates must be part of a trusted certification hierarchy. Most often these are cached certificates for services like Encrypting File System (EFS), where certificates are used for creating authorization for decrypting an encrypted file.
  • Certificate Enrollment Requests - Contains pending or rejected certificate requests.


certmgr.msc - Export Certificate List on Windows

Start "certmgr.msc" on Windows

Certificate Manager Console "certmgr.msc" on Windows

⇑⇑ Windows Certificates Tutorials

2012-08-02, 19197🔥, 0💬