{"id":7274,"date":"2020-10-19T21:33:08","date_gmt":"2020-10-19T19:33:08","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=7274"},"modified":"2020-10-21T09:14:31","modified_gmt":"2020-10-21T07:14:31","slug":"windows-certificate-locations","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/windows-certificate-locations\/","title":{"rendered":"Windows: Certificate locations"},"content":{"rendered":"<p>Hi,<\/p>\n<p>The Windows Certificates MMC snap-in lets you view and edit most of the certificates Windows uses (except those in the enterprise store), but it does not show where the certificates are physically stored.<\/p>\n<p>Here is a list of where those certificates physically reside.<br \/>\n<!--more--><br \/>\nCertificates located in the Registry<\/p>\n<table class=\"partlist\">\n<tbody>\n<tr class=\"partlist\">\n<th class=\"partlist\">Context<\/th>\n<th class=\"partlist\">Registry Path<\/th>\n<th class=\"partlist\">Description<\/th>\n<\/tr>\n<tr class=\"partlist\">\n<td class=\"partlist\">User<\/td>\n<td class=\"partlist\">HKCU\\SOFTWARE\\Microsoft\\SystemCertificates<\/td>\n<td class=\"partlist\">Physical store for user specific public keys<\/td>\n<\/tr>\n<tr class=\"partlist\">\n<td class=\"partlist\">User<\/td>\n<td class=\"partlist\">HKCU\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates<\/td>\n<td class=\"partlist\">Physical store for user specific public keys installed by Active Directory (AD) Group Policy Objects (GPOs)<\/td>\n<\/tr>\n<tr class=\"partlist\">\n<td class=\"partlist\">Computer<\/td>\n<td class=\"partlist\">HKLM\\SOFTWARE\\Microsoft\\SystemCertificates<\/td>\n<td class=\"partlist\">Physical store for machine wide public keys<\/td>\n<\/tr>\n<tr class=\"partlist\">\n<td class=\"partlist\">Computer<\/td>\n<td class=\"partlist\">HKLM\\SOFTWARE\\Microsoft\\Cryptography\\Services<\/td>\n<td class=\"partlist\">Physical store for keys associated with a specific service<\/td>\n<\/tr>\n<tr class=\"partlist\">\n<td class=\"partlist\">Computer<\/td>\n<td 
class=\"partlist\">HKLM\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates<\/td>\n<td class=\"partlist\">Physical store for machine wide public keys installed by GPOs<\/td>\n<\/tr>\n<tr class=\"partlist\">\n<td class=\"partlist\">Computer<\/td>\n<td class=\"partlist\">HKLM\\SOFTWARE\\Microsoft\\EnterpriseCertificates<\/td>\n<td class=\"partlist\">Physical store for machine wide public keys installed by the Enterprise PKI Containers within an AD domain<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Certificates located in the Filesystem<\/p>\n<table class=\"partlist\">\n<tbody>\n<tr class=\"partlist\">\n<th class=\"partlist\">Context<\/th>\n<th class=\"partlist\">Filepath<\/th>\n<th class=\"partlist\">Description<\/th>\n<\/tr>\n<tr class=\"partlist\">\n<td class=\"partlist\">User<\/td>\n<td class=\"partlist\">%APPDATA%\\Microsoft\\SystemCertificates<\/td>\n<td class=\"partlist\">Physical store for user specific public keys and pointers to private keys<\/td>\n<\/tr>\n<tr class=\"partlist\">\n<td class=\"partlist\">User<\/td>\n<td class=\"partlist\">%APPDATA%\\Microsoft\\Crypto<\/td>\n<td class=\"partlist\">Physical store for user specific private key containers<\/td>\n<\/tr>\n<tr class=\"partlist\">\n<td class=\"partlist\">Computer<\/td>\n<td class=\"partlist\">%ProgramData%\\Microsoft\\Crypto<\/td>\n<td class=\"partlist\">Physical store for machine wide private key containers<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The certificates can be managed with the PowerShell Cert: PSDrive provider.<br \/>\nUser certificates<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nPS D:\\&gt; cd Cert:\\CurrentUser\\my\r\nPS Cert:\\CurrentUser\\my\\&gt; Get-Item *\r\n<\/pre>\n<p>Computer certificates<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nPS D:\\&gt; cd Cert:\\LocalMachine\\my\r\nPS Cert:\\LocalMachine\\my\\&gt; Get-Item *\r\n<\/pre>\n<p>The enterprise store is not reachable through the PowerShell Cert: drive.<br \/>\nAn example to get all 
certificates from the enterprise NTAuth store:<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nPS D:\\&gt; Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\NTAuth\\Certificates\\* -name blob | %{new-object System.Security.Cryptography.X509Certificates.X509Certificate2($_.Blob,$null)}\r\n<\/pre>\n<p>Or with certutil:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nD:\\&gt; certutil -store -enterprise ntauth\r\n<\/pre>\n<p>To get a list of further PowerShell cmdlets:<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nPS D:\\&gt; get-command -Module pki\r\n<\/pre>\n<p>Michael<\/p>\n<p><!--https:\/\/adamtheautomator.com\/windows-certificate-manager\/#Viewing_Physical_Stores--><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, the Windows Certificates MMC snap-in lets you view and edit most of the certificates Windows uses (except those in the enterprise store), but it does not show where the certificates are physically stored. 
Here is a list of where those certificates physically reside.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[466,2,5],"tags":[1492,1493,913,1494,728,133,20],"class_list":["post-7274","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","category-windowsknowhow","tag-certifcates","tag-enterprise","tag-location","tag-ntauth-store","tag-physical","tag-powershell","tag-windows-2"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/7274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=7274"}],"version-history":[{"count":13,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/7274\/revisions"}],"predecessor-version":[{"id":7287,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/7274\/revisions\/7287"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=7274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=7274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=7274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}