How to add Certificate to Trusted Root on Windows 10

Learn to manage the certificates on your device

Reading time icon 4 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Root certificates help your browser determine whether certain websites are genuine and safe to open.
  • A trusted certificate is required in case the digital certificate is not from a trusted authority.
  • Although Windows 10 already has built-in certificates, you can also install new ones.
  • Read on to find out how to install trusted root certificates on Windows 10/11.

Root certificates are public key certificates that help your browser determine whether communication with a website is genuine and is based upon whether the issuing authority is trusted and if the digital certificate remains valid.

Suppose a digital certificate is not from a trusted authority. In that case, you’ll get an error message like There is a problem with this website’s security certificate, and the browser might block communication with the website.

Windows 10 has built-in certificates and automatically updates them. However, you can manually add more root certificates to Windows 10 from certificate authorities (CAs).

Where is the Trusted Root Certificate Store in Windows 10?

The Trusted Root Certificate store in Windows 10 is a collection of root certificates for Certificate Authorities (CAs) considered trustworthy by the operating system.

This store is used to validate digital certificates and establish secure connections over the internet.

You must access the Microsoft Management Console to access the Trusted Root Certificate store in Windows 10.

The trusted Root Certificate store is, however, located in the root of the Registry path below:


How do I add a certificate to the trusted root on Windows 10?

  1. Install certificates from trusted CAs
  2. Install Trusted Root Certificates with the Microsoft Management Console

1. Install certificates from trusted CAs

  1. First, you’ll need to download a root certificate from a CA. For example, you could download one from the GeoTrust site.
  2. Next, press Win key + R, enter secpol.msc in Run’s text box, and hit Enter (Windows 10 Home edition doesn’t include the Local Security Policy editor. If your Windows key doesn’t work, check our quick guide to fix it).
    how to add certificate to trusted root windows 10
  3. Then, click Public Key Policies and Certificate Path Validation Settings to open a Certificate Path Validation Settings Properties window.
    how to add certificate to trusted root windows 10
  4. Click the Stores tab and select the Define these policy settings check box, then tick its two checkboxes.
    how to add certificate to trusted root windows 10
  5. Select the Third-Party Root CAs and Enterprise Root CAs checkboxes and press the Apply then OK buttons to confirm.
  6. Press the Win key + R hotkey, type certmgr.msc in Run’s text box, and hit Enter.
  7. Click Trusted Root Certification Authorities, right-click Certificates, select All Tasks, and Import.
  8. Press the Next button, click Browse, and select the digital certificate root file saved to your HDD.
  9. Press Next again to select Automatically select the certificate store based on the type of certificate option.
  10. Then you can press Next and Finish to wrap up the import wizard. A window will open, confirming that the import was successful.

Most Windows 10 users have no idea how to edit the Group Policy. Learn how you can do it by reading our simple article.

If you don’t have the Group Policy Editor on your Windows PC, get it right now in just a couple of easy steps with our guide on installing the Group Policy Editor on Windows 10.

2. Install Trusted Root Certificates with the Microsoft Management Console

1. Press the Win key + R hotkey to open the Run dialog.

2. Input mmc in Run and press Enter to open the window below.

access microsoft management console in run

3. Click File and then select Add/Remove Snap-ins to open the window in the snapshot below.

add or remove snapins mmc windows 10

4. Next, you should select Certificates and press the Add button.

5. A Certificates Snap-in window opens from which you can select Computer account >Local Account, and press the Finish button to close the window.

6. Then press the OK button in the Add or Remove Snap-in window.

7. Now you can select Certificates and right-click Trusted Root Certification Authorities on the MMC console window as below.

trusted root certification authorities

8. Then you can click All Tasks > Import to open the Certificate Import Wizard window.

9. From the Certificate Import Wizard window, you can add the digital certificate to Windows.

You can also install root certificates on Windows 10/11 with the Microsoft Management Console. The process is easy and simple, and the console can be accessed via the Run dialog.

If Microsoft Management Console can’t create a new document, follow our guide’s easy steps to solve the issue.

Can’t load the Microsoft Management Console? Our step-by-step guide will help you sort things out.

How to add the certificate to Trusted Root Certification Authorities store using the command line?

  1. Press Windows + R, type cmd, and hit Ctrl + Shift + Enter.
  2. Type the script below and hit Enter (Substitute your certificate’s path for C:\Users\Downloads and your certificate’s name for mycertificate):
    certutil -addstore root C:\Users\\Downloads\mycertificate.cer

Now you’ve installed a new trusted root certificate in Windows 10. Similarly, you can add many more digital certificates to that OS and other Windows platforms.

Ensure that the third-party digital certificates come from trusted CAs, such as GoDaddy, DigiCert, Comodo, GlobalSign, Entrust, and Symantec.

If you have any more suggestions or questions, leave them in the comments section below, and we’ll certainly check them out.

More about the topics: Windows 10 Guides