In one of our earlier posts, we have seen what Root Certificates are. There may be times, when some companies or users may feel the need to manage and configure Trusted Root Certificates, to prevent other users in the domain from configuring their own set. In this post, we will see how to manage Trusted Root Certificates & add certificates to the Trusted Root Certification Authorities store in Windows 11/10/8/7.
Manage Trusted Root Certificates in Windows 11/10
To add certificates to the Trusted Root Certification Authorities store for a local computer, from the WinX Menu in Windows 11/10/8.1, open Run box, type mmc, and hit Enter to open the Microsoft Management Control.
Press the File menu link and select Add/Remove Snap-in. Now under Available snap-ins, click Certificates, and then click Add.
Click OK. In the next dialog box, select Computer account and then on Next.
Now select Local computer and click on Finish.
Now, back in MMC, in the console tree, double-click on Certificates and then right-click on Trusted Root Certification Authorities Store. Under All tasks, select Import.
The Certificate Import Wizard will open.
Follow the instructions in the wizard to complete the process.
Now let us see how to configure and manage trusted root certificates for a local computer. Open MMC and press the File menu link and select Add/Remove Snap-in. Now under Available snap-ins, click Group Policy Object Editor, and then click Add. Select the computer whose local GPO you want to edit, and click Finish / OK.
Now, back in the MMC console tree, navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings. Next Public Key Policies. Double-click Certificate Path Validation Settings, and then select the Stores tab.
Read: Manage certificates using Certificate Manager or Certmgr.msc.
Here, select the Define these policy settings, Allow user trusted root CAs to be used to validate certificates and Allow users to trust peer trust certificates checkboxes.
Finally, under Stores tab > Root certificate stores, select one option under Root CAs that the client computers can trust and click OK. If in doubt, go with the recommended option.
To see how you can manage trusted root certificates for a domain and how to add certificates to the Trusted Root Certification Authorities store for a domain, visit Technet.
RCC is a free Root Certificates Scanner that can help you scan Windows Root Certificates for untrusted ones.