Certificates: frequently asked questions

Here are answers to some common questions about certificates.

Show all

What are certificates used for?

Certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files. Normally, you won't have to think about certificates at all. You might, however, see a message telling you that a certificate is expired or not valid. In those cases, you should follow the instructions in the message. For more information, see Request or renew a certificate.

When do I need a certificate?

Certificates are usually provided for you automatically. For example, you need a certificate to use a secure website for a transaction, such as purchasing something or banking online. You also need a certificate if you want to encrypt a file using Encrypting File System (EFS). In both of these cases, the certificate is automatically provided for you. If you want a certificate for your personal use, such as protecting e‑mail with a digital signature, you might need to get the certificate yourself.

How do I get a certificate that isn't provided automatically?

Contact a certification authority and apply for a certificate. Certification authorities are the organizations that issue certificates. They establish and verify the authenticity of public keys that belong to people or other certification authorities, and they verify the identity of a person or organization that asks for a certificate. For example, if you want to protect e‑mail with a digital signature, you need to get a personal certificate. Certification authorities, such as VeriSign or Thawte, provide personal certificates. For more information, see Request or renew a certificate.

What are untrusted certificates?

An untrusted certificate is a certificate that a certification authority has revoked, or a certificate that for other reasons has been placed in the Untrusted Certificates folder on your computer. If a certification authority discovers that the identification information someone provided to get a certificate is false, that certificate will be revoked. When a certificate is revoked, it is moved to the Untrusted Certificates folder and can no longer be used.

How can I see my certificates?

You must be logged on as an administrator to perform these steps.

You can see the certificates on your computer by opening Certificate Manager.

Open Certificate Manager by clicking the Start button Picture of the Start button, typing certmgr.msc into the search box, and then pressing Enter. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

What are the different kinds of certificates?

These are some of the most common types of certificates and what they are used for:

Certificate type What it's used for
Certificate type


What it's used for

Encrypting and decrypting documents.

Certificate type

Server authentication

What it's used for

Verifying the identity of a server to computers that are connecting to it.

Certificate type

Client authentication

What it's used for

Verifying the identity of a computer to a server it is connecting to.

Certificate type

Secure e‑mail

What it's used for

Encrypting and digitally signing e‑mail.

Certificate type

Code signing

What it's used for

Verifying the publisher of a program. For example, if you download an ActiveX program, its digital signature verifies that it is published by the organization that is listed as the publisher.

Certificate type

File recovery

What it's used for

Recovering encrypted files if the EFS certificate is accidentally deleted or damaged.

Need more help?