How to View Certificates on Windows 10 (Using Windows 10 Certificate Manager)
Home » How to View Certificates on Windows 10 (Using Windows 10 Certificate Manager)
(1 votes, average: 5.00 out of 5)
This brief guide introduces you to Windows 10 Certificate Manager. This tool allows you to view and manage installed digital certificates on Windows devices as well as view CRLs and CTLs as well
When you install digital certificates onto your computer, there’s one place where they should be imported right away: the Windows 10 Certificate Manager. This tool is an easy-to-use console where you can view installed certificates on your Windows 10 device all in one place. This includes:
This article will familiarize you with the Windows 10 Certificate Manager tool that’s built into your machine. After that, we’ll walk you through the processes of how to view both organizational and publicly trusted digital certificates that are installed on your device.
Save 27% – DigiCert Code Signing Certificate
Enhance your code’s integrity and boost user confidence through digital “shrink-wrapping” using a DigiCert Code Signing Certificate.
What Is the Windows 10 Certificate Manager? It’s How You Can View Installed Certificates
The Certificate Manager is a console that comes installed on every modern Windows computer. It’s a tool that enables you to do many things relating to digital certificates that are installed on your device, including:
View installed certificates,
Modify your certificates,
Export existing certificates,
Delete existing certificates, and
Import new certificates.
This is also where you can view your device’s trust store for publicly trusted certificates (i.e., certificates issued by trusted certificate authorities [CAs]) that come pre-installed on your device. More on that toward the end of the article. But first, there’s one other important thing to mention before we move on to how to view certificates in Windows 10.
There are Two Types of Window Certificate Manager Tools (Snap-In vs Command-Line Utility)
Certmgr.msc is a Microsoft Management Console (MMC) snap-in. The snap-in is a handy interface where you can add specific tools to your device’s admin console (e.g., a certificate manager). This differs from the Certmgr.exe, which is a command-line utility certificate manager.
Now that we know what Windows Certificate Manager console is and why it’s useful, let’s get right to how you can use it to view, delete or install certificates onto your device.
How to View Installed Certificates on Windows 10 (Organizational & Individual Certificates)
1. First, open your Windows 10 Certificate Manager. You can do this by typing either Cert or Certificate in the run menu.
2. Select the Manage user certificates option at the top of the menu. This will populate another window title Certmgr. This is the Certificate Manager tool, which allows you to view installed certificates on Windows 10.
3. In the left pane, double-click the Personal folder to display a sub-folder titled Certificates.
4. Select the Certificates folder in the left navigation to view the list of digital certificates you have installed on your machine. These will display in the right pane.
That’s it! Now, you can view any of these individual certificates by simply double-clicking on it. Doing this will open a new window that displays the digital certificate’s information, including:
The certificate’s intended uses,
Who it’s assigned to, and
What trusted certificates it stems from and whether it’s trustworthy.
Now you know how to view installed certificates on Windows 10! Of course, if you’re curious to know what certificates you have installed on your device through Windows, then keep reading.
This will display a folder labeled Certificates, which will display the trusted root certificates that are installed on your device:
That’s it! As you can see, understanding how to view certificates on Windows 10 isn’t complicated at all once you know what it is you’re looking for. There’s really nothing to it.
Don’t have a certificate yet? Then it’s time to remedy that with our selection of Windows code signing certificates.
Save Up to 21% on a Windows Code Signing Certificate
Give users a reason to trust your Windows apps by preventing “Unknown Publisher” warnings. You can digitally sign unlimited apps for as little as $211.46/year.
New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.
Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve update your DigiCert CertCentral account to allow another Code Signing Certificate request. Login to your account here.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB Token.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible for this option. You can use an HSM you manage directly or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Email Us
+1 (727) 291-0611
Chat Now
