Here are answers to some common questions about certificates.

Show all

What are certificates used for?

Certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files. Normally you won't have to think about certificates at all. You might, however, see a message telling you that a certificate is expired or invalid. In those cases you should follow the instructions in the message. For more information, see Request or renew a certificate.

When do I need a certificate?

Certificates are usually provided for you automatically. For example, you need a certificate to use a secure website for a transaction, such as purchasing something or banking online. You also need a certificate if you want to encrypt a file using Encrypting File System. In both of these cases, the certificate is automatically provided for you.

When would I need a certificate that's not provided for me automatically?

If you want a certificate for your personal use, it might not be provided automatically. For example, if you want to protect e‑mail with a digital signature, you need to get the certificate yourself.

How do I get a certificate that is not provided automatically?

Contact a certification authority and apply for a certificate. For example, if you want to protect e‑mail with a digital signature, you need to get a personal certificate. Certification authorities, such as VeriSign or Thawte, provide personal certificates. For more information, see Request or renew a certificate.

What is a certification authority?

Certification authorities are the organizations that issue certificates. They establish and verify the authenticity of public keys that belong to people or other certification authorities, and they verify the identity of a person or organization that asks for a certificate.

What are untrusted certificates?

An untrusted certificate is a certificate that a certification authority has revoked, or a certificate that for other reasons has been placed in the Untrusted Certificates folder on your computer. If a certification authority discovers that the identification information someone provided to get a certificate is false, that certificate will be revoked. When a certificate is revoked, it is moved to the Untrusted Certificates folder and can no longer be used.

Do I need to back up my certificates?

Most certificates don't need to be backed up. However, if you encrypt files with Encrypting File System (EFS), you should back up your EFS certificates so you don't lose your data. For more information about how to back up your EFS certificates, see Back up Encrypting File System (EFS) certificate.

How can I see my certificates?

You must be logged on as an administrator to perform these steps.

You can see the certificates on your computer by opening Certificate Manager.

Open Certificate Manager by clicking the Start button Picture of the Start button, typing certmgr.msc into the Search box, and then pressing ENTER. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

What are the different kinds of certificates?

These are some of the most common types of certificates and what they are used for:

Certificate type What it's used for
Certificate type

Encrypting File System

What it's used for

Encrypting and decrypting documents.

Certificate type

Server authentication

What it's used for

Verifying the identity of a server to computers that are connecting to it.

Certificate type

Client authentication

What it's used for

Verifying the identity of a computer to a server it is connecting to.

Certificate type

Secure e‑mail

What it's used for

Encrypting and digitally signing e‑mail.

Certificate type

Code signing

What it's used for

Verifying the publisher of a program. For example, if you download an ActiveX program, its digital signature verifies that it is published by the organization that is listed as the publisher.

Certificate type

File recovery

What it's used for

Recovering encrypted files if the EFS certificate is accidentally deleted or damaged.

Why do I need a certificate to use Encrypting File System (EFS)?

EFS uses an encryption key to encrypt your data. The encryption key is bound to a certificate. The first time you encrypt a file or folder, an encryption certificate and key will be created for you.