A digital certificate is something that acts as a credential to verify the identity of the sender. Windows has many digital certificates installed on it at multiple levels under different categories. It is possible to view where these digital certificates are stored in your Windows 10. Read on, to learn how to view the different types of digital certificates that are installed in your machine.
Method 1: Through Command Prompt
1. Press WIN+R keys together and bring up the Run dialog box. Once it comes up, type in cmd and then press Enter key.
2. When Command Prompt opens, type in the command certutil -user -store My and then hit the Enter key to view the complete summary of local user’s personal digital certificates installed in your Windows 10.
certutil -user -store My
Method 2: Through Windows PowerShell
1. Open Windows PowerShell by typing in powershell in your windows Start Menu search bar and then by choosing the option Windows PowerShell from the results that show up.
2. Once the Windows PowerShell is launched, execute the following command by typing it in or by copy pasting it to view the local user’s personal digital certificates installed in your Windows 10.
Method 3: Through CERTMGR Service
1. Open Run Window by pressing WIN +R keys together. In the Run command box, type certmgr.msc and then hit the Enter key.
2. Now the certmgr window will be launched for you. In the left pane of the window, you will be able to see different categories of certificate folders. You can click on the arrow associated with each category to see its sub categories. Expand the Certificates folder to view the actual certificate of any category.
In the right pane of the window, you will now be able to see the certificate that you chose to view.
3. If you double click on the certificate from the right window pane that is shown in Step 2, you will be able to view all the details like Version, Serial number, Signature algorithm used, Issuer, validity dates etc., related to that particular certificate under the Details tab.
Method 4: Through Windows File Explorer
Simply open Windows file explorer and in the file explorer search bar, copy paste the following:
You will now be able to view the certificates installed for the current user in your machine.
Method 5: Through Microsoft Management Console (MMC)
1. Press the keys WIN + R together to bring up the Run dialog box. In the Run command box, type in mmc and hit Enter key.
2. Click on the File tab and then click on Add/Remove Snap-in option.
3. In the left window pane, under Available snap-ins: find and click on the snap-in that says Certificates. As next, click on Add button.
4. A new window by the name Certificates snap-in will now be launched. Select the option Computer account here and click Next button.
5. Now, for This snap-in will always manage option, select Local computer and then click on the Finish button.
6. You will now be back at the Add or Remove Snap-ins window. At this step, simply click on the OK button at the bottom.
7. Earlier under Console Root section, nothing was present. Now a new section called Certificates (Local Computer) got added. Click on the arrow associated with it to expand the Certificates (Local Computer) section.
Under Certificates (Local Computer) section, you can see multiple sub sections, which are all different certificate categories. You can expand each of the sub categories by clicking on the arrows associated with them. If you then click on the Certificates folder, you will be able to see all certificates of the selected sub category listed in the right window pane.
8. If you want to view details of a specific certificate, then you can double click on any of the certificates listed on the right side of the window. That will give you details of the certificate like its Version, Serial number, Signature algorithm used, Signature hash algorithm used, Issuer, Validity etc.
Method 6: Through Registry Editor
Registry Editor window can be launched using Run command. Press WIN + R keys together to open the Run dialog box. Now type in regedit and hit Enter key.
Once the Registry Editor window opens up, we need to navigate to different locations to view settings of different types of certificates installed in our machine. Please follow the steps below to view the settings of different categories of certificates installed in your machine from Registry Editor.
Current User Certificates
1. To view the certificates of current user, navigate to the following path.
HKEY_CURRENT_USER --> Software --> Microsoft --> SystemCertificates --> CA --> Certificates
2. Under the Certificates folder, you will be able to see all the certificates installed for the current user in the left window pane. One such certificate is highlighted for your reference. If you click on any certificate, you will be able to see its settings in the right window pane.
Group Policy (GPO) Certificates
1. To view the group policy (GPO) certificates, navigate to the following route:
HKEY_CURRENT_USER --> Software --> Policies --> Microsoft --> SystemCertificates
2. Under the SystemCertificates folder, you will see different categories of group policy certificates. You can choose any category and inside the chosen category you will find a Certificate folder, which will have all the certificates listed for that particular group policy.
Certificates of Specific Users
1. To view the certificates installed for a specific user account in your machine, first we need to find the Security ID of that user. To find the Security ID of a user account, open Command Prompt and type in the following command. Replace user_name with the user account name that you want to find the security ID of.
wmic useraccount where name=user_name get sid
2. Now in the Registry Editor window, click on HKEY_USERS. As next, you need to click on the folder whose name is the Security ID that you found in the previous step.
3. Now that you have figured out which folder to select based on Security ID, you can finish the rest of the navigation. Please go to the following path to view the different certificate categories of the user account that you have selected and to view each certificate’s individual settings.
HKEY_USERS --> Security_ID_User_Account --> Software --> Microsoft --> SystemCertificates
Team Level Certificates
Just like how it is explained in the previous certificate sections, if you need to view the Team Level certificates installed in your machine, you need to navigate to:
HKEY_LOCAL_MACHINE --> Software --> Microsoft --> SystemCertificates
Equipment Certificates Associated with Group Policies
Similary, to view the Equipment Certificates associated with group policies, you can navigate to:
HKEY_LOCAL_MACHINE --> Software --> Policies --> Microsoft --> SystemCertificates
System Service Certificates
System Service certificate settings are available at:
HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Cryptography --> Services --> ServiceName --> SystemCertificates
Active Directory Certificates
Also, Active Directory certificate settings are present in the Windows Registry at:
HKEY_LOCAL_MACHINE --> Software --> Microsoft --> EnterpriseCertificates
Please let us know in comments if you found the article useful.