Display Certificate Stores in Logical Store Mode

  • Article

Applies To: Windows Server 2008

Logical certificate stores group certificates together in logical, functional categories for users, computers, and services. They provide pointers to the physical certificate stores. The use of logical certificate stores eliminates the need to store duplicates of common public key objects, such as trusted root certificates, CTLs, and CRLs for users, computers, and services.

Users or local Administrators are the minimum group memberships required to complete this procedure. Review the details in "Additional considerations" in this topic.

To display certificate stores in Logical Store mode

  1. Open the Certificates snap-in for a user, computer, or service.

  2. Open Certificates - Current.

  3. Right-click Certificates - Current, click View, and then click Options.

  4. Under Organize view mode by, click Logical certificate stores, and then click OK. The title Logical Store Name will appear at the top of the right-hand column when you click the top node the Certificates snap-in, enabling you to select the logical store whose certificates you want to view.

Additional considerations

  • User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can only be managed by an administrator or user who has been given the appropriate permissions.

  • To open the Certificates snap-in, see Add the Certificates Snap-in to an MMC.

  • When you look at the contents of a certificate store in Logical Store mode, you will occasionally see what appear to be two copies of the same certificate in the store. This occurs because the same certificate is stored in separate physical stores under a logical store. When the contents of the physical certificates stores are combined into one logical store view, both instances of the same certificate are displayed.

    You can verify this by setting the view option to show the physical certificate stores and then noting that the certificate is stored in separate physical stores under the same logical store. You can verify that it is the same certificate by comparing the serial numbers.