How to View Digital Certificates Installed in Windows 10 / 11

by

A digital certificate is something that acts as a credential to verify the identity of the sender. Windows has many digital certificates installed on it at multiple levels under different categories. It is possible to view where these digital certificates are stored in your Windows 10. Read on, to learn how to view the different types of digital certificates that are installed in your machine.

Method 1: Through Command Prompt

1. Press WIN+R keys together and bring up the Run dialog box. Once it comes up, type in cmd and then press Enter key.

 

1 Run Cmd

 

2. When Command Prompt opens, type in the command certutil -user -store My and then hit the Enter key to view the complete summary of local user’s personal digital certificates installed in your Windows 10.

certutil -user -store My

 

2 Cmd Command

 

Method 2: Through Windows PowerShell

1. Open Windows PowerShell by typing in powershell in your windows Start Menu search bar and then by choosing the option Windows PowerShell from the results that show up.



 

3 Start Menu Windows Powershell

 

2. Once the Windows PowerShell is launched, execute the following command by typing it in or by copy pasting it to view the local user’s personal digital certificates installed in your Windows 10.

dir Cert:\CurrentUser\My

 

4 Powershell Certificate

 

Method 3: Through CERTMGR Service

1. Open Run Window by pressing WIN +R keys together. In the Run command box, type certmgr.msc and then hit the Enter key.

 

5 Run Certmgr

 

2. Now the certmgr window will be launched for you. In the left pane of the window, you will be able to see different categories of certificate folders. You can click on the arrow associated with each category to see its sub categories. Expand the Certificates folder to view the actual certificate of any category.

In the right pane of the window, you will now be able to see the certificate that you chose to view.

 

6 Certmgr Certificates

 

3. If you double click on the certificate from the right window pane that is shown in Step 2, you will be able to view all the details like Version, Serial number, Signature algorithm used, Issuer, validity dates etc., related to that particular certificate under the Details tab.

 

7 Certificate Details

 

Method 4: Through Windows File Explorer

Simply open Windows file explorer and in the file explorer search bar, copy paste the following:

%AppData%\Microsoft\SystemCertificates\My\Certificates

You will now be able to view the certificates installed for the current user in your machine.

 

14 Appdata Certificates

 

Method 5: Through Microsoft Management Console (MMC)

1. Press the keys WIN + R together to bring up the Run dialog box. In the Run command box, type in mmc and hit Enter key.

 

15 Run Mmc

 

2.  Click on the File tab and then click on Add/Remove Snap-in option.

 

16 Add Or Remove Snap In

 

3. In the left window pane, under Available snap-ins: find and click on the snap-in that says Certificates. As next, click on Add button.

 

17 Certificate Add

 

4. A new window by the name Certificates snap-in will now be launched. Select the option Computer account here and click Next button.

 

18 Computer Account

 

5. Now, for This snap-in will always manage option, select Local computer and then click on the Finish button.

 

19 Local Computer

 

6. You will now be back at the Add or Remove Snap-ins window. At this step, simply click on the OK button at the bottom.

 

20 Snap In Ok

 

7. Earlier under Console Root section, nothing was present. Now a new section called Certificates (Local Computer) got added. Click on the arrow associated with it to expand the Certificates (Local Computer) section.

Under Certificates (Local Computer) section, you can see multiple sub sections, which are all different certificate categories. You can expand each of the sub categories by clicking on the arrows associated with them. If you then click on the Certificates folder, you will be able to see all certificates of the selected sub category listed in the right window pane.

 

21 View Certificates

 

8. If you want to view details of a specific certificate, then you can double click on any of the certificates listed on the right side of the window. That will give you details of the certificate like its Version, Serial number, Signature algorithm used, Signature hash algorithm used, Issuer, Validity etc.



 

7 Certificate Details

 

Method 6: Through Registry Editor

Registry Editor window can be launched using Run command. Press WIN + R keys together to open the Run dialog box. Now type in regedit and hit Enter key.

 

8 Run Regedit

 

Once the Registry Editor window opens up, we need to navigate to different locations to view settings of different types of certificates installed in our machine. Please follow the steps below to view the settings of different categories of certificates installed in your machine from Registry Editor.

Current User Certificates

1. To view the certificates of current user, navigate to the following path.

HKEY_CURRENT_USER --> Software --> Microsoft --> SystemCertificates --> CA --> Certificates

2. Under the Certificates folder, you will be able to see all the certificates installed for the current user in the left window pane. One such certificate is highlighted for your reference. If you click on any certificate, you will be able to see its settings in the right window pane.

 

9 Cert Current User

 

Group Policy (GPO) Certificates

1. To view the group policy (GPO) certificates, navigate to the following route:

HKEY_CURRENT_USER --> Software --> Policies --> Microsoft --> SystemCertificates

2. Under the SystemCertificates folder, you will see different categories of group policy certificates. You can choose any category and inside the chosen category you will find a Certificate folder, which will have all the certificates listed for that particular group policy.

 



10 Cert Gpo

 

Certificates of Specific Users

1. To view the certificates installed for a specific user account in your machine, first we need to find the Security ID of that user. To find the Security ID of a user account, open Command Prompt and type in the following command. Replace user_name with the user account name that you want to find the security ID of.

wmic useraccount where name=user_name get sid

 

11 Cert Specific User Sid

 

2. Now in the Registry Editor window, click on HKEY_USERS. As next, you need to click on the folder whose name is the Security ID that you found in the previous step.

 

12 Cert Hkey Users Sid

 

3. Now that you have figured out which folder to select based on Security ID, you can finish the rest of the navigation. Please go to the following path to view the different certificate categories of the user account that you have selected and to view each certificate’s individual settings.

HKEY_USERS --> Security_ID_User_Account --> Software --> Microsoft --> SystemCertificates

 

13 Cert User Specific

 

Team Level Certificates

Just like how it is explained in the previous certificate sections, if you need to view the Team Level certificates installed in your machine, you need to navigate to:

HKEY_LOCAL_MACHINE --> Software -->  Microsoft -->  SystemCertificates

Equipment Certificates Associated with Group Policies

Similary, to view the Equipment Certificates associated with group policies, you can navigate to:

HKEY_LOCAL_MACHINE --> Software --> Policies --> Microsoft --> SystemCertificates

System Service Certificates

System Service certificate settings are available at:

HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Cryptography --> Services --> ServiceName --> SystemCertificates

Active Directory Certificates

Also, Active Directory certificate settings are present in the Windows Registry at:

HKEY_LOCAL_MACHINE --> Software --> Microsoft --> EnterpriseCertificates

 

Please let us know in comments if you found the article useful.

Read More: