The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to manage Trusted Root Certificates in Windows 11/10

Download Windows Speedup Tool to fix errors and make PC run faster

In one of our earlier posts, we have seen what Root Certificates are. There may be times, when some companies or users may feel the need to manage and configure Trusted Root Certificates, to prevent other users in the domain from configuring their own set. In this post, we will see how to manage Trusted Root Certificates & add certificates to the Trusted Root Certification Authorities store in Windows 11/10.

Manage Trusted Root Certificates in Windows 11/10

To add certificates to the Trusted Root Certification Authorities store for a local computer, from the WinX Menu in Windows 11/10, open Run box, type mmc, and hit Enter to open the Microsoft Management Control.

Press the File menu link and select Add/Remove Snap-in. Now under Available snap-ins, click Certificates, and then click Add.

Manage Trusted Root Certificates in Windows
Click OK. In the next dialog box, select Computer account and then on Next.2 Manage Trusted Root Certificates
Now select Local computer and click on Finish.
3 Manage Trusted Root Certificates
Now, back in MMC, in the console tree, double-click on Certificates and then right-click on Trusted Root Certification Authorities Store. Under All tasks, select Import.
4 Manage Trusted Root Certificates
The Certificate Import Wizard will open.
5 Manage Trusted Root Certificates
Follow the instructions in the wizard to complete the process.

Now let us see how to configure and manage trusted root certificates for a local computer. Open MMC and press the File menu link and select Add/Remove Snap-in. Now under Available snap-ins, click Group Policy Object Editor, and then click Add. Select the computer whose local GPO you want to edit, and click Finish / OK.
6 Add Trusted Root Certificates
Now, back in the MMC console tree, navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings. Next Public Key Policies. Double-click Certificate Path Validation Settings, and then select the Stores tab.

Read: Manage certificates using Certificate Manager or Certmgr.msc.

Here, select the Define these policy settings, Allow user trusted root CAs to be used to validate certificates and Allow users to trust peer trust certificates checkboxes.
7 Add Trusted Root Certificates

Finally, under Stores tab > Root certificate stores, select one option under Root CAs that the client computers can trust and click OK. If in doubt, go with the recommended option.

To see how you can manage trusted root certificates for a domain and how to add certificates to the Trusted Root Certification Authorities store for a domain, visit Microsoft.

RCC is a free Root Certificates Scanner that can help you scan Windows Root Certificates for untrusted ones.

AnandK@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.