- certmgr.msc allows you to manage and administer digital certificates in Windows in a simple and visual way.
- Its correct use is essential to install, export, delete, or review certificates depending on the user or computer.
- Helps resolve security issues, prevent software crashes, and preserve system integrity.
When we browse the Internet or conduct electronic transactions, we rarely wonder how the operating system manages security behind the scenes. In the Windows universe, there is a fundamental tool to protect transactions, identify users and secure communications: certmgr.mscMany users are unaware of what this component is for and how to use it, but the truth is that it plays a key role in managing digital certificates and, therefore, in protecting our data.
In the following lines we are going to dive into the world of certmgr.msc, to know What it is, how to use it, what it is for and what are the scenarios in which it may be essentialIf you've ever needed to install, export, or delete a digital certificate, or if you've encountered problems installing certain programs, this article is designed to clear up any doubts you may have.
What is certmgr.msc and what is it used for?
Certmgr.msc is the Windows Certificate Manager. It is a administration console (MMC) that allows us to manage digital certificates installed on our computer in a graphical, simple, and straightforward manner. These certificates are essential for securing connections, identifying users, validating the origin of software, and a host of security-related operations.
For those who are less familiar with the subject, a digital certificate It is a set of computer files that authenticate the identity of a person, company, or even a device, allowing documents to be digitally signed, emails to be encrypted, or secure portals to be accessed. Windows stores these certificates in different "stores" depending on their use and characteristics, and certmgr.msc is the tool that allows us to explore them, add or remove certificates, and even export them for use on another computer..
How to access certmgr.msc in Windows
Accessing the certificate manager is very simple. Just use the Windows Run function:
- Press the keys Windows + R simultaneously.
- In the window that opens, type certmgr.msc and hit Enter.
A window will automatically open showing the structure of the current user's different certificate stores. From here, you can view, modify, import, or export installed digital certificates.
Keep in mind This manager displays the certificates of the logged-in user. To access the certificates for the entire computer (for example, to manage machine certificates), it's recommended to open the MMC console (by running mmc.exe), add the Certificates snap-in, and choose "Computer Account" instead of "User Account."
Main functions of certmgr.msc
The Certificate Manager allows you to perform several key actions related to digital security management in Windows:
- Viewing certificates: You can view all installed digital certificates, organized by categories such as "personal," "trusted certificate authorities," or "untrusted certificates."
- Import certificates: Allows you to add new certificates to Windows stores, for example, after obtaining one from an official website or after making a backup.
- Export certificates: Very useful to create backups or migrate your certificates to other devices or OS.
- Delete certificates: You can delete those that are no longer needed or threaten the security of the system, as happens in cases of malware that manipulates warehouses.
These features are especially useful for system administrators, IT technicians, and even advanced users who need to install certificates for online procedures or specific software.
Types of certificates and stores in Windows
In Windows, certificates are stored in different "warehouses" according to their purpose:
- Personal (My certificates): This section contains the digital certificates associated with the current user and which include a private key.
- Others: It only collects public key certificates, usually to identify other users or entities.
- Intermediate certification issuing entities: Certificates of entities that issue certificates on behalf of the root authority are stored here.
- Trusted Root Certification Authorities: This store contains the root certificates that are considered trustworthy and that validate the entire chain of trust.
- Certificates that are not trusted: All certificates that have been revoked or have lost trust, for example, due to malware or security issues.
With certmgr.msc, you can check which store each certificate is stored in and make informed decisions about using or deleting it.
Advanced Usage: CertMgr.exe and Command Line Management
In addition to the graphical console through certmgr.msc, Windows has advanced tools for those who prefer the line of commands: CertMgr.exeThis utility allows you to manage certificates, trust lists, and revocation lists with a variety of modifiers and arguments, making it especially useful for professional users or when automating tasks.
Below is a summary of some of the most common operations that CertMgr.exe allows:
- Add certificates: Allows you to add new certificates or trust lists to a specific store.
- Delete certificates: Remove from storage any certificates that are considered dangerous or unnecessary.
- Export certificates: Save certificates or lists to external files.
- Display information: It presents a list of the stored certificates, either in summary or in detail using the option /v.
Some useful modifiers are:
- /c, /CTL, /CRL: Indicates whether the file contains certificates, trust lists, or revocation lists.
- /s: Access the system stores.
- /r localMachine/currentUser: Specifies whether the action is performed at the machine or user level.
It is important to remember that To run CertMgr.exe you need administrator privileges and sometimes access from a symbol of the system with elevated permissionsThe versions of this tool are located in the WDK (Windows Driver Kit) folders depending on the system architecture (i386 for 32-bit, amd64 for 64-bit, etc.).
Installing and exporting digital certificates in Windows
Managing digital certificates may seem complex, but Windows provides us with graphical wizards to facilitate the task of installing (importing) or exporting certificates.Let's review the key steps:
Preliminary considerations before installing a certificate
Before you start installing a certificate, it is advisable to check that the operating system is up to date, avoid changing user, browser or updates while the process is being carried out and, if possible, temporarily disable the antivirus to avoid conflicts.
Identifies the certificate file, usually with an extension .pfx o .p12These contain the private key and are usually protected with a password that must be entered during installation.
Step-by-step installation
- Double-click on the certificate file or run the certmgr.msc command to launch it from the Import Wizard.
- The wizard will ask you if you want to install the certificate only for the current user or for the entire computer. For security reasons, it's common to choose the first option.
- Select the file location, enter the password if prompted, and choose additional options, such as "Mark key as exportable" or "Include extended properties."
- Finally, let Windows automatically select the most appropriate storage and complete the installation by following the summary displayed by the wizard.
The certificate will be ready for use, whether to sign documents, log in to portals, or encrypt information.
Export and backup
Exporting a digital certificate is key to avoiding losing access in case of problems or to using it on another computer. The process varies slightly depending on the browser it's installed on:
- Google Chrome: Go to Settings > Privacy & Security > Manage Certificates, select the certificate, and tap "Export."
- Mozilla Firefox: Go to Options > Privacy & Security > Certificates > View certificates, select your certificate, and tap "Backup."
- Internet Explorer: Tools > Internet Options > Content > Certificates > Personal. Right-click and choose "All Tasks > Export."
- Opera: Settings > Go to full browser settings > Security > Manage certificates.
The wizard will let you choose whether to include the private key, set a password, and select the exported file format (PFX, DER, etc.). This way, you can transport your certificate safely.
Certmgr.msc for security and malware issues
Sometimes Sophisticated malware can manipulate the list of untrusted certificates Windows to prevent the installation of security solutions or block legitimate software. A recent example showed how certain viruses add antivirus program certificates to the "untrusted certificates" folder, preventing them from running properly.
If you're experiencing a block when installing an antivirus or experiencing abnormal User Account Control (UAC) alerts, here are some steps to resolve it:
- Balance Windows + R, writes certmgr.msc and executes.
- Expand the section Certificates that are not trusted and check which entries appear.
- Remove suspicious certificates or certificates related to legitimate software that were added by mistake or malware.
- Reinstall your security software and update your system.
- Perform a full scan to ensure the absence of threats.
This action can be crucial when security programs like Bitdefender, Norton, or others fail to install or run properly due to blocked certificates.
Passionate writer about the world of bytes and technology in general. I love sharing my knowledge through writing, and that's what I'll do on this blog, show you all the most interesting things about gadgets, software, hardware, tech trends, and more. My goal is to help you navigate the digital world in a simple and entertaining way.