Where is the certificate folder in Windows 7?

Can we know the exact location of the certificate (DigiCert, Verisign, etc..)?

Right now the only way to check the certificate is by using the MMC application in System32 or in our web browser (Internet Explorer, Firefox, etc..) Internet options.


Solution 1:

Windows' certificate store is (mostly) stored in the registry as outlined here. However, while IE, Chrome, Safari/iTunes, Outlook, etc. use Windows' certificate store, Firefox and Thunderbird use NSS' cross-platform certificate store. Opera also uses its own separate certificate store.

If you want to access Windows' certificate store, then you should use Microsoft's CryptoAPI. If you want to access the NSS certificate store, then you can use the NSS library.

Solution 2:

There isn't any "folder" of certficates in Windows; it is stored in an internal database (Windows Registry) that you interface using the ways you listed in your original question. The easiest way to get to that database is just put certmgr.msc in your start/run box.


If you are really curious, you can find the actual registry entries under:

\SOFTWARE\Microsoft\SystemCertificates\

In HKEY_CURRENT_USER for user-specific certificates and HKEY_LOCAL_MACHINE for machine-specific certificates, But they will be un-readable binary blobs. It is just better to use the MMC snap-in I listed earlier.

Solution 3:

Here is a location summary (registry keys and files):

User level (registry):

HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates: Contains settings certificates for the current user.

HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates: Like the previous location, but this corresponds to user certificates deployed a GPO (Group Policy).

HKEY_USERS\SID-User\Software\Microsoft\SystemCertificates: Corresponds to the configuration of certain user certificates. Each user has its branch in the registry with SID (Security Identifier).

Computer level (registry):

HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates: Contains settings certificates for all computer users.

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates: Like the previous location, but this corresponds to computer certificates deployed a GPO.

Service level (registry):

HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates: Contains settings certificates for all services on the computer.

Active Directory level (registry):

HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates: Certificates issued at Active Directory level.

And there are some folders and files corresponding to the Windows certificate store.

The folders are hidden and public and private keys are located in different folders.

User certificates (files):

%APPDATA%\Microsoft\SystemCertificates\My\Certificates
%USERPROFILE%\AppData\Roaming\Microsoft\Crypto\RSA\SID
%USERPROFILE%\AppData\Roaming\Microsoft\Credentials
%USERPROFILE%\AppData\Roaming\Microsoft\Protect\SID

Computer certificates (files):

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

Extracted from: http://www.sysadmit.com/2017/10/windows-donde-se-guardan-certificados.html