Applies to Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows 8, and Windows Server 2012.
The Certificates console is an Microsoft Management Console (MMC) snap-in that you can use to manage the certificate stores for users, computers, and services.
You can use the Certificates console to perform the following tasks:
View information about certificates, such as certificate contents and the certification path.
Import certificates into a certificate store.
Move certificates between certificate stores.
Export certificates and, optionally, export private keys (if key export is enabled).
Delete certificates from certificate stores.
Request certificates from an enterprise CA for the Personal certificate store.
Open MMC. If you do not already have a customized MMC console, you can create one. To do so, open a Command Prompt, Windows PowerShell, or the Run dialog box, type MMC and then press ENTER. If you see a User Account Control prompt, ensure that it is displaying the action you want to take and then click Yes.
Click Console, and then click Add/Remove Snap-in. – Or – Press CTRL+M. The Add/Remove Snap-in dialog box appears.
Click Add . The Add Standalone Snap-in dialog box appears.
Select Certificates from the list of snap-ins, and then click Add. The Certificates Snap-in dialog box appears.
Select one of the following accounts:
My user account
Service account
Computer account
The Certificates console manages the certificate stores for this account.
Click Next . If you selected My user account , the Add Standalone Snap-in dialog box appears. You can click Add to add another snap-in. If you selected Service account or Computer account , the Select Computer dialog box appears. To manage the local computer, click Next . To manage another computer, either type the domain name of the computer in Another computer , or click Browse to select the computer from a list. Then click Next . If you selected Computer account , the Add Standalone Snap-in dialog box appears. You can click Add to add another snap-in. If you selected Service account , the Certificates Snap-in dialog box appears. Select a service from the Services account list, and click Finish . When the Add Standalone Snap-in dialog box appears, you can click Add to add another snap-in.
When you are finished adding snap-ins, in the Add Standalone Snap-in dialog box, click Close . The Add/Remove Snap-in dialog box appears and displays the snap-ins that you are installing in MMC.
In the Add/Remove Snap-in dialog box, click Close.
<return to top>
The following figure shows an example of three Certificates console nodes that have been added to MMC. The first Certificates console node manages certificates for the logged on user. The second Certificates console node manages certificates for the World Wide Web Publishing service for the local computer. The third Certificates console node manages certificates for the local computer itself.
Certificates Console (shown from a Windows 2000 operating system) The Certificates console nodes in the figure above have been expanded to show the logical certificate stores. This is called the Logical display mode. You also have the option of viewing certificates by their physical stores or by their purpose.
Option
Description
Certificate purpose
Select this option to view certificates in the Purposes display mode, in which certificates are grouped by the intended purpose of the certificates, such as Encrypting File System, File Recovery, and Code Signing.
Logical certificate stores
Select this option to view certificates in the Logical display mode, in which certificates are grouped by the logical store where they are located. This is the default display mode.
Physical certificate stores
Select this option to view the physical stores in addition to the logical stores. This option is available for the Logical display mode only.
Archived certificates
Select this option to view archived certificates. When certificates expire or are renewed, an archived version is retained of the certificate and its private keys. Retaining archived certificates is recommended because you might need to use the certificate and its private key later. For example, you might have to verify digital signatures for old documents that were signed with a key for a currently expired or renewed certificate.
You can move a certificate between stores on the same account. For example, you can move a certificate from the Personal store to the Trusted Root Certification Authorities store on the Local Computer. However, you cannot move a certificate from the Personal store of the Local Computer to the Personal store of the User. If you want to move certificates between accounts, first export the certificate from one account and then import the certificate to the other account.
You should only delete a certificate that you know is no longer necessary. If you delete a certificate with private key, then you will no longer be able to read encrypted data that uses that certificate. Ensure that you no longer need the certificate (especially with if it also has a private key with it) that you delete.
nyinyilwin733 edited Revision 26. Comment: nyinyi
Golf-Atthachaii edited Revision 24. Comment: it ok
Fernando Lugão Veltem edited Revision 21. Comment: correct toc
Kurt L Hudson edited Revision 19. Comment: Updated the enroll and retrieve section
Kurt L Hudson edited Revision 18. Comment: completed the instructions on requesting a certificate
Kurt L Hudson edited Revision 17. Comment: Wrote the directions on delete a certificate and completed the export a certificate directions
Kurt L Hudson edited Revision 16. Comment: Updated export certificate instructions, still need to update for exporting with key
Kurt L Hudson edited Revision 15. Comment: Wrote the directions on how to move a certificate between stores.
Kurt L Hudson edited Revision 14. Comment: Wrote the instructions for importing a certificate
Kurt L Hudson edited Revision 13. Comment: Inserted figures and return to top links
Kurt L Hudson edited Original. Comment: Updated to cover more operating systems.
Kurt L Hudson edited Revision 1. Comment: updated with a figure from a Windows 7 client to show they are pretty much the same and to illustrate View Options
Kurt L Hudson edited Revision 2. Comment: removed redundant title, updated first sentence
Ed Price - MSFT edited Revision 5. Comment: TOC
Kurt L Hudson edited Revision 7. Comment: Updated to cover Windows 8 and Windows Server 2012
Kurt L Hudson edited Revision 8. Comment: Updated again to prepare for additional topics.
Kurt L Hudson edited Revision 10. Comment: Some updates to the TOC
Kurt L Hudson edited Revision 11. Comment: Promoted the first How To a H1
Kurt L Hudson edited Revision 12. Comment: Updated viewing certificates information