How can you check the installed Certificate Authority in windows 7/8?

  • And know which are not default ones installed by Microsoft?

  • To view your certificate stores, run certmgr.msc as described there. The "root" store contains the root CA, i.e. the CA which are trusted a priori. certmgr.msc shows you an aggregate view of all root CA which apply to the current user; internally, there are several relevant stores (the "local machine" stores apply to all users, the "current user" stores are specific to the current user; and there also are "enterprise" stores which are similar to "local machine" but meant to be filled automatically from the AD server of the current domain).

    See this page for a list of all CA that Microsoft puts in Windows by default; any discrepancy would be a local variation. The list is occasionally updated, and this is propagated to your computer through the normal Windows update mechanisms.

    Followed instructions, and see the lists of certificates in differrent folders, but the top level is "Certificate - Current User" and I did not find the "local machine" foder/node. Is this access right issue?I am the admin of the PC though.

    `certmgr.msc` shows an aggregate view -- i.e. what impacts the current user, and that's a merge of his "current user stores" and the "local machine stores". To view stores separately, use `mmc.exe` with the "certificate viewer" snap-in, which will give you that option.

    Be nice if there were a tool to automatically check the CA certificates are standard or not.

    For anyone looking to add certs into the root CA, right-click "Trusted Root Certification Authorities" >> "All Tasks" >> "Import".

    @Petah There is one: `sigcheck`, it is part of the Sysinternals Suite. If you run it from the `cmd` with `sigcheck -tv`, it does exactly that...

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM