Trusted Root Certification Authorities Certificate Store - Windows drivers (2024)
Article
Starting with Windows Vista, the Plug and Play (PnP) manager performs driver signature verification during device and driver installation. However, the PnP manager can successfully verify a digital signature only if the following statements are true:
The signing certificate that was used to create the signature was issued by a certification authority (CA).
The corresponding root certificate for the CA is installed in the Trusted Root Certification Authorities certificate store. Therefore, the Trusted Root Certification Authorities certificate store contains the root certificates of all CAs that Windows trusts.
By default, the Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. Administrators can configure the default set of trusted CAs and install their own private CA for verifying software.
NoteA private CA is unlikely to be trusted outside the network environment.
Having a valid digital signature ensures the authenticity and integrity of a driver package. However, it does not mean that the end-user or a system administrator implicitly trusts the software publisher. A user or administrator must decide whether to install or run an application on a case-by-case basis, based on their knowledge of the software publisher and application. By default, a publisher is trusted only if its certificate is installed in the Trusted Publishers certificate store.
The name of the Trusted Root Certification Authorities certificate store is root. You can manually install the root certificate of a private CA into the Trusted Root Certification Authorities certificate store on a computer by using the CertMgr tool.
NoteThe driver signing verification policy that is used by the PnP manager requires that the root certificate of a private CA has been previously installed in the local machine version of the Root Certification Authorities certificate store. For more information, see Local Machine and Current User Certificate Stores.
Expand the Computer Configuration section and open Windows Settings\Security Settings\Public Key. Right-click Trusted Root Certification Authorities and select Import. Follow the prompts in the wizard to import the root certificate (for example, rootCA. cer) and click OK.
Expand the Computer Configuration section and open Windows Settings\Security Settings\Public Key. Right-click Trusted Root Certification Authorities and select Import. Follow the prompts in the wizard to import the root certificate (for example, rootCA. cer) and click OK.
This type of certificate store is local to the computer and is global to all users on the computer. This certificate store is located in the registry under the HKEY_LOCAL_MACHINE root.
This problem is intermittent, and can be temporarily resolved by reenforcing GPO processing or reboot. If the root CA certificate is published using alternative methods, the problems might not occur, due to the afore-mentioned situation.
Open the Microsoft Management Console (Start > MMC);
Provide the self-signed certificate: Choose File > Add/Remove Snap-in; in the standalone tab, choose Add; choose the Certificates snap-in > Add; in the wizard, choose the Computer Account > Local Computer; press Finish to end the wizard;
Click Tools > Internet Options > Content.Click Certificates and then the Trusted Root Certification Authorities tab on the far right. This lists the root CAs known and trusted by your Web browser - that is, the CAs whose certificates have been installed in the SSL software in your Web browser.
If the certificate is installed on your computer but is not in Trusted Root Certification Authorities, you can move it. To do this, press Windows key + R to open the Run command, type certmgr.msc then press Enter.Find the certificate and drag it to the Trusted Root Certification Authorities > Certificates folder.
The most common cause of a "certificate not trusted" error is that the certificate installation was not properly completed on the server (or servers) hosting the site. Use our SSL Certificate tester to check for this issue.
Click Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities. Select Trusted Root Certification Authorities, right click, and select Import to open the Certificate Import Wizard. Click Next on the Welcome screen.
Hobby: Shopping, Table tennis, Snowboarding, Rafting, Motor sports, Homebrewing, Taxidermy
Introduction: My name is Duncan Muller, I am a enchanting, good, gentle, modern, tasty, nice, elegant person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.