Operating system security

Using certificates in Windows 10

Greg Belding
October 21, 2019 by
Greg Belding

Trust is one of the most important things that can be established between two parties. It is a process where both parties suspend their disbelief of the other’s potential for betrayal and proceed toward a common goal of some sort. This extends to the world of computers, where certificates have been used for years to establish trust between, in this case, users and computers. 

This article will detail using certificates in the context of Windows 10. It will shed some light on what certificates do in Windows 10 and will explore how to manage them in Windows 10. For those in IT, certificates in Windows 10 are a vital aspect of information security and understanding them may be the determining factor in supporting an organization’s end users.

Learn Windows 10 Host Security

Learn Windows 10 Host Security

Build your Windows skills with 13 courses covering Windows registry, services, processes, toolset and more.

A little about certificates

Certificates prove that websites are genuine and users are legitimate, and can provide a level of encryption to online communications via Secure Socket Layer (SSL) technology. Root certificate authority (CA) issues what are called root certificates, which are the top level of the chain of trust. A trusted root certificate is issued by a trusted root certificate authority.

Certificates use public key infrastructure (PKI), where there is a private key/public key pair. A common certificate cycle, known as asymmetric cryptography, is as follows: a certificate is signed by a CA using a private key which is stored with the user. The public key is embedded in a browser which sends encrypted messages to the user that contains a symmetric key. This key is used by the browser to encrypt communication between the user and the browser for the respective session. Public keys can also be used to verify distributed organization software.

Certificates have a limited lifespan — normally one to two years maximum. When certificates are revoked, details of the certificate are added to the certificate revocation list (CRL). When revoked certificates expire, they simply fall off the CRL.

Despite the importance of certificates, the average user will interact very rarely — if ever — with certificates, aside from possibly installing certificates in order to view certain sites. Certificates are more likely to be used by organization administrators and those providing information technology and information security support. All organizations are different, though, and yours may require significantly more certificate contact. 

How to manage certificates in Windows 10

Certificates are stored both with the user and with the computer, and checking which certificates are installed for each uses a different method. Windows 10 carries the torch passed by Windows 8 for certificate management. Please note that the Microsoft Management Console (MMC) can still be used to manage both user and computer certificates. This method is too well-worn to be specifically Windows 10, and there are more direct ways to manage them.

Managing certificates stored on the local machine

Certificates stored on the Windows 10 computer are located in the local machine certificate store. Windows 10 offers Certificate Manager as a certificate management tool for both computer and user certificates. Certificate Manager is part of MMC, but since its incorporation into the Windows OS family in Windows 7, Certificate Manager is the preferred method to manage certificates. 

To open Certificate Manager to view certificates stored on the local computer, enter cert in the Windows 10 Cortana search bar. This will pull up a control panel result called Manage Computer Certificates. Click on it and you will be presented with a Windows 10 Certificate Manager window for certificates stored on the local computer. This will be different from the standard Certificate Manager window that manages user certificates and will be titled certlm, which means certificates on the local machine. It offers the same functionality as Certificate Manager.

Certificate Manager makes managing certificates simple enough for beginner-to-intermediate Windows 10 users. It allows users the functionality to add (import), export, delete, modify and request new certificates. 

Managing certificates stored on the user account

Managing certificates stored on a user account in Windows 10 is performed with the standard version of Certificate Manager. To open Certificate Manager, type run into the Windows 10 Cortana search bar and hit Enter. Once the run window pops up, type certmgr.msc and hit enter. You will be presented with the Certification Manager window and will be viewing certificates stored on the user account. 

The user account inherits root certificates from the local computer/machine and has certificates of its own installed, making it a more expansive library of certificates than what is stored on the local computer. 

Learn Windows 10 Host Security

Learn Windows 10 Host Security

Build your Windows skills with 13 courses covering Windows registry, services, processes, toolset and more.

Conclusion

Certificates are important aspects in the chain of trust between computers and users and are prevalent in Windows 10. Not much has changed from Windows 8 to Windows 10, but the advent of Cortana has made managing certificates stored on the local computer/machine faster without having to configure MMC to allow for certificate management. 

Sources

  1. Certmgr.msc or Certificate Manager in Windows 10/8/7, TheWindowsClub
  2. How Windows 10 certificates create a chain of trust, TechTarget
  3. Digital Certificate Dangers, and How to Fight Them, eSecurity Planet
Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.