Windows – What are the Windows system certificate stores

certificate, code-signing, windows, windows 7

When adding certificates, stls, ctls and crls to the system, I can choose the certificate store.

I have found only references to the "my" and "root" stores so far.

Are there any others?

Best Answer

There are three types of certificate stores in Windows.

  1. User Account store
  2. Service Account store
  3. Local Computer store

Each of the three stores contains a number of folders which certificates go into:

  • Personal (can be known as My when using scripts to add certs)
  • Trusted Root Certification Authority (can be known as Root)
  • Enterprise Trust
  • Intermediate Certification Authority
  • Active Directory User Object
  • Trusted Publishers
  • Untrusted Certificates
  • Third Party Root Certification Authorities
  • Trusted People

These can be seen if you open up mmc.exe with the Certificates snap-in.

Depending on what the certificate is meant to be doing you have to work out where it would go.

Most of the time on the servers we support we use the Computer Account store (as it's accessible by all users on a computer) and put certificates in the Personal store. Sometimes you might need to add the signing authority public key certs into the Root and Intermediate Root CAs.
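As an added example (not part of the original answer), this PowerShell snippet lists the stores that actually exist on a machine through the built-in `Cert:` drive and pairs each programmatic name, the one a script passes, with the folder name shown in the snap-in. The name mapping in the table is the standard Windows naming as I know it, not something the page states; the `Cert:` drive exposes only the user and computer locations, so the Service Account stores are not covered.

```powershell
# Programmatic store names (as used in scripts and on the Cert: drive)
# mapped to the folder names listed in the answer above.
$displayName = @{
    My               = 'Personal'
    Root             = 'Trusted Root Certification Authorities'
    Trust            = 'Enterprise Trust'
    CA               = 'Intermediate Certification Authorities'
    UserDS           = 'Active Directory User Object'
    TrustedPublisher = 'Trusted Publishers'
    Disallowed       = 'Untrusted Certificates'
    AuthRoot         = 'Third-Party Root Certification Authorities'
    TrustedPeople    = 'Trusted People'
}

$now  = Get-Date
$rows = foreach ($location in 'CurrentUser', 'LocalMachine') {
    foreach ($store in Get-ChildItem -Path "Cert:\$location") {
        # Some stores may be unreadable without elevation; treat them as empty.
        $certs = @(Get-ChildItem -Path "Cert:\$location\$($store.Name)" -ErrorAction SilentlyContinue)

        $folder = '(no entry in the table above)'
        if ($displayName.ContainsKey($store.Name)) { $folder = $displayName[$store.Name] }

        [pscustomobject]@{
            Location     = $location
            Store        = $store.Name
            MmcFolder    = $folder
            Certificates = $certs.Count
            Expired      = @($certs | Where-Object { $_.NotAfter -lt $now }).Count
        }
    }
}

# One row per store, so unexpected stores or unexpected counts stand out.
$rows | Sort-Object Location, Store | Format-Table -AutoSize
```

Comparing the `Root` and `TrustedPublisher` rows between machines built from the same image is a quick way to spot a trust anchor that was added out of band.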