Where is the Windows Certificate Store?


rance


Post Tue Jan 18, 2011 12:45 pm

Where is the Windows Certificate Store?

Hey Folks!  Hope everyone had good holidays.  I'm in need of some info I can't seem to dig up.

I'm working on an assessment for a potential wireless rollout at my company, and part of our authentication mechanism is to issue a cert/key to grant access to the wireless assets.  I'm testing the viability and security of these certs.

Using the "Certificates" mmc snap-in, I'm obviously able to view certs and such, but I'm trying to locate the actual certificate store to check some integrity there.  However, I'm unable to find much information on the actual location of the store itself.  Some older documents point to this information being stored somewhere in the registry, but newer docs state that the store has moved out of the registry.  Unfortunately, I've not been able to uncover much more information.

If anyone can help, I'd be most appreciative... thanks!
Poking at security since 1986.  +++ATH

Data_Raid


Post Wed Jan 19, 2011 6:13 am

Re: Where is the Windows Certificate Store?

Rance, I ran into the same results you have when I was trying to figure this out a few years ago.  I also had problems trying to find the physical store, as well as reading information from MSDN that the certificates are stored in the registry ... or not  :)

I'm not sure if this will help you but I have tried the following: run certmgr.msc and then select View > Options > "Show the following: Physical certificate stores"

This didn't help much, as the actual physical location information wasn't displayed. I then ran Process Monitor (Sysinternals) and monitored the mmc.exe process while I toggled "Show physical certificate stores", hoping that I would see an open/read file process to the local computer. Process Monitor did show some read file activity, such as:
create file and query directory C:\Documents and Settings\<user>\Application Data\Microsoft\SystemCertificates\My\Certificates

I checked the directory mentioned above and that was empty.

I also saw a registry read request for: HKCU\Software\Microsoft\SystemCertificates\Root\PhysicalStores
which resulted in a "name not found"

I also tried the following from MMC: "Trusted Root Certification Authorities" > "Local Computer" > "Certificates" and then selected a random certificate and saw that a call to read the registry was made, an example below:

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\049811056AFE9FD0F5BE01685AACE6A5D1C4454C

So it does appear that certificates are stored in the registry.
All men by nature desire knowledge.

Aristotle
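
For the integrity check rance describes, an added example (not part of the original posts): it treats each subkey name under the registry path Data_Raid found as the SHA-1 thumbprint of the certificate held in that key's Blob value and flags entries where the two disagree. The value name Blob and its layout (a 12-byte little-endian header of property id, flags and length before each property, with property 32 holding the encoded certificate) are assumptions not stated in the thread, and the sample bytes are constructed.

```python
import hashlib
import struct
import sys

CERT_SHA1_HASH_PROP_ID = 3   # cached thumbprint property (wincrypt.h)
CERT_CERT_PROP_ID = 32       # property carrying the encoded certificate (wincrypt.h)
STORE = r"SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates"  # path from the post

def parse_blob(blob):
    """Split a Blob value into {property_id: data}; assumed layout: id, flags, length, data."""
    props, pos = {}, 0
    while pos < len(blob):
        if pos + 12 > len(blob):
            raise ValueError("truncated property header at offset %d" % pos)
        prop_id, _flags, size = struct.unpack_from("<III", blob, pos)
        pos += 12
        if pos + size > len(blob):
            raise ValueError("property %d overruns the blob" % prop_id)
        props[prop_id] = blob[pos:pos + size]
        pos += size
    return props

def check_entry(key_name, blob):
    """True when the subkey name is the SHA-1 thumbprint of the stored certificate."""
    der = parse_blob(blob).get(CERT_CERT_PROP_ID)
    return der is not None and hashlib.sha1(der).hexdigest().upper() == key_name.upper()

def audit_store(path=STORE):
    """Windows only: return subkey names whose Blob is missing, malformed or mismatched."""
    import winreg
    bad = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as store:
        for i in range(winreg.QueryInfoKey(store)[0]):
            name = winreg.EnumKey(store, i)
            try:
                with winreg.OpenKey(store, name) as entry:
                    blob = winreg.QueryValueEx(entry, "Blob")[0]
                ok = check_entry(name, blob)
            except (OSError, ValueError):
                ok = False
            if not ok:
                bad.append(name)
    return bad

# Constructed sample: stand-in bytes, not a real certificate or registry export.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_NAME = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
SAMPLE_BLOB = (struct.pack("<III", CERT_SHA1_HASH_PROP_ID, 1, 20) + hashlib.sha1(SAMPLE_DER).digest()
               + struct.pack("<III", CERT_CERT_PROP_ID, 1, len(SAMPLE_DER)) + SAMPLE_DER)

if __name__ == "__main__":
    print("sample entry consistent:", check_entry(SAMPLE_NAME, SAMPLE_BLOB))
    if sys.platform == "win32":
        print("mismatched entries:", audit_store())
```

On a Windows host, audit_store() reads the machine store directly; an empty list means every subkey name matched the certificate it holds.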

rance


Post Wed Jan 19, 2011 5:16 pm

Re: Where is the Windows Certificate Store?

Data_Raid wrote: Rance, I ran into the same results you have when I was trying to figure this out a few years ago.  I also had problems trying to find the physical store, as well as reading information from MSDN that the certificates are stored in the registry ... or not  :)

<snip>

So it does appear that certificates are stored in the registry


Thanks so much for the great information... not just the answer, but your process as well.  Lots of good information in there!  I had actually been down the Docs & Settings road, but couldn't get what I needed out of the few files I found there.  The registry information was spot on though, got me exactly what I needed.

Thanks again for the assist!
Poking at security since 1986.  +++ATH

Data_Raid


Post Thu Jan 20, 2011 5:23 am

Re: Where is the Windows Certificate Store?

You're welcome, glad to help
All men by nature desire knowledge.

Aristotle
