Manage Trusted Root Certificates in Windows 10/8

In one of our earlier posts, we have seen what Root Certificates are. There may be times, when some companies or users may feel the need to manage and configure Trusted Root Certificates, so as to prevent other users in the domain from configuring their own set. In this post, we will see how to manage Trusted Root Certificates & add certificates to Trusted Root Certification Authorities store in Windows 10/8.1.

Manage Trusted Root Certificates in Windows

To add certificates to the Trusted Root Certification Authorities store for a local computer, from the WinX Menu in Windows 10/8.1, open Run box, type mmc and hit Enter to open the Microsoft Management Control.

Press the File menu link and select Add/Remove Snap-in. Now under Available snap-ins, click Certificates,and then click Add.

Manage Trusted Root Certificates in Windows
Click OK. In the next dialog box, select Computer account and then on Next.
2 Manage Trusted Root Certificates
Now select Local computer and click on Finish.
3 Manage Trusted Root Certificates
Now, back in MMC, in the console tree, double-click on Certificates and then right-click on Trusted Root Certification Authorities Store. Under All tasks, select Import.
4 Manage Trusted Root Certificates
The Certificate Import Wizard will open.
5 Manage Trusted Root Certificates
Follow the instructions in the wizard to complete the process.

Now let us see how to configure and manage trusted root certificates for a local computer. Open MMC and press the File menu link and select Add/Remove Snap-in. Now under Available snap-ins, click Group Policy Object Editor,and then click Add. Select the computer whose local GPO you want to edit, and click Finish / OK.
6 Add Trusted Root Certificates
Now, back in the MMC console tree, navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings. Next Public Key Policies. Double-click Certificate Path Validation Settings, and then select the Stores tab.

Here, select the Define these policy settings, Allow user trusted root CAs to be used to validate certificates and Allow users to trust peer trust certificates check boxes.
7 Add Trusted Root Certificates

Finally under Root Certificate stores, select the root CAs that the client computers can trust and click OK.

To see how you can manage trusted root certificates for a domain and how to add certificates to the Trusted Root Certification Authorities store for a domain, visit Technet.

RCC is a free Root Certificates Scanner that can help you scan Windows Root Certificates for untrusted one’s.

Posted by on , in Category Windows with Tags
Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.