Here are answers to some common questions about certificates.
Certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files. Normally you won't have to think about certificates at all. You might, however, see a message telling you that a certificate is expired or invalid. In those cases you should follow the instructions in the message. For more information, see Request or renew a certificate.
Certificates are usually provided for you automatically. For example, you need a certificate to use a secure website for a transaction, such as purchasing something or banking online. You also need a certificate if you want to encrypt a file using Encrypting File System. In both of these cases, the certificate is automatically provided for you.
If you want a certificate for your personal use, it might not be provided automatically. For example, if you want to protect e‑mail with a digital signature, you need to get the certificate yourself.
Contact a certification authority and apply for a certificate. For example, if you want to protect e‑mail with a digital signature, you need to get a personal certificate. Certification authorities, such as VeriSign or Thawte, provide personal certificates. For more information, see Request or renew a certificate.
Certification authorities are the organizations that issue certificates. They establish and verify the authenticity of public keys that belong to people or other certification authorities, and they verify the identity of a person or organization that asks for a certificate.
An untrusted certificate is a certificate that a certification authority has revoked, or a certificate that for other reasons has been placed in the Untrusted Certificates folder on your computer. If a certification authority discovers that the identification information someone provided to get a certificate is false, that certificate will be revoked. When a certificate is revoked, it is moved to the Untrusted Certificates folder and can no longer be used.
Most certificates don't need to be backed up. However, if you encrypt files with Encrypting File System (EFS), you should back up your EFS certificates so you don't lose your data. For more information about how to back up your EFS certificates, see Back up Encrypting File System (EFS) certificate.
You must be logged on as an administrator to perform these steps.
You can see the certificates on your computer by opening Certificate Manager.
Open Certificate Manager by clicking the Start button , typing certmgr.msc into the Search box, and then pressing ENTER.
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
These are some of the most common types of certificates and what they are used for:
Encrypting File System
Encrypting and decrypting documents.
Verifying the identity of a server to computers that are connecting to it.
Verifying the identity of a computer to a server it is connecting to.
Encrypting and digitally signing e‑mail.
Verifying the publisher of a program. For example, if you download an ActiveX program, its digital signature verifies that it is published by the organization that is listed as the publisher.
Recovering encrypted files if the EFS certificate is accidentally deleted or damaged.
EFS uses an encryption key to encrypt your data. The encryption key is bound to a certificate. The first time you encrypt a file or folder, an encryption certificate and key will be created for you.