Logical certificate stores organize certificates in logical, functional categories for users, computers, and services. The use of logical certificate stores eliminates the need to store duplicates of common public key objects, such as trusted root certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs) for users, computers, and services.

Users or local Administrators is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.

To display certificates by logical certificate stores
  1. Open the Certificates snap-in for a user, computer, or service.

  2. In the console tree, click Certificates – Current, Certificates – (Local Computer), or Certificates – Service.

  3. On the View menu, click Options.

  4. Under Organize view mode by, click Logical certificate stores, and then click OK. The Logical Store Name column heading will appear in the details pane.

Additional considerations

  • User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can only be managed by an administrator or user who has been given the appropriate permissions.

  • To open the Certificates snap-in, see Add the Certificates Snap-in to an MMC.

  • When you view certificates by logical store, you will occasionally see what appear to be two copies of the same certificate in the store. This occurs because the same certificate is stored in separate physical stores under a logical store. When the contents of the physical certificate stores are combined into one logical store view, both instances of the same certificate are displayed.

    You can verify this by setting the view option to show the physical certificate stores and then noting that the certificate is stored in separate physical stores under the same logical store. You can verify that it is the same certificate by comparing the serial numbers.

Additional references


Table Of Contents