How to install Windows 10 root certificates

Matthew Adams By: Matthew Adams
3 minute read

Home » Fix » How to install Windows 10 root certificates

Root certificates are public key certificates that help your browser determine whether communication with a website is genuine and is based upon whether the issuing authority is trusted and if the digital certificate remains valid. If a digital certificate is not from a trusted authority, you’ll get an error message along the lines of “There is a problem with this website’s security certificate” and the browser might block communication with the website.

Windows 10 has built-in certificates and automatically updates them. However, you can still manually add more root certificates to Windows 10 from certificate authorities (CAs). There are numerous certificate issuing authorities, with Comodo and Symantec among the best known.

How do I add Windows 10 root certificates manually?

  1. Install certificates from trusted CAs
  2. Install Certificates with the Microsoft Management Console

Method 1: Install certificates from trusted CAs

This is how you can add digital certificates to Windows 10 from trusted CAs.

  1. First, you’ll need to download a root certificate from a CA. For example, you could download one from the GeoTrust site.
  2. Next, open Local Security Policy in Windows by pressing the Win key + R hotkey and entering ‘secpol.msc’ in Run’s text box. Note that Windows 10 Home edition doesn’t include the Local Security Policy editor.
  3. Then, click Public Key Policies and Certificate Path Validation Settings to open a Certificate Path Validation Settings Properties window.
  4. Click the Stores tab and select the Define these policy settings check box.
  5. Select the Allow user trusted root CAs to be used to validate certificates and Allow users to trust peer trust certificates options if they’re not already selected.
  6. You should also select the Third-Party Root CAs and Enterprise Root CAs checkbox and press the Apply > OK buttons to confirm the selected settings.
  7. Next, press the Win key + R hotkey and enter ‘certmgr.msc’ in Run’s text box to open the window shown in the snapshot directly below. That’s the Certification Manager which lists your digital certificates.certificates manager
  8. Click Trusted Root Certification Authorities and right-click Certificates to open a context menu.
  9. Select All Tasks > Import on the context menu to open the window shown below.certificate import wizard
  10. Press the Next button, click Browse, and then select the digital certificate root file saved to your HDD.
  11. Press Next again to select the Automatically select the certificate store based on the type of certificate option.
  12. Then you can press Next > Finish to wrap up the import wizard. A window will open confirming that “the import was successful.



Method 2: Install Certificates with the Microsoft Management Console

  1. You can also add digital certificates to Windows with the Microsoft Management Console. Press the Win key + R hotkey and input ‘mmc’ in Run to open the window management console
  2. Click File and then select Add/Remove Snap-ins to open the window in the snapshot below.console root mmc
  3. Next, you should select Certificates and press the Add button.
  4. A Certificates Snap-in window opens from which you can select Computer account > Local Account, and press the Finish button to close the window.
  5. Then press the OK button in the Add or Remove Snap-in window.
  6. Now you can select Certificates and right-click Trusted Root Certification Authorities on the MMC console window as below.import root certificate
  7. Then you can click All Tasks > Import to open the Certificate Import Wizard window from which you can add the digital certificate to Windows.




Now you’ve installed a new trusted root certificate in Windows 10. You can add many more digital certificates to that OS and other Windows platforms in a similar manner. Just make sure that the third-party digital certificates come from trusted CAs, such as GoDaddy, DigiCert, Comodo, GlobalSign, Entrust and Symantec.

Editor’s Note: This post was originally published in April 2017 and has been since completely revamped and updated for freshness, accuracy, and comprehensiveness.


Join our community
windows report logo

Join our community of over 2 million active users and get the latest and most important Windows content on your email address.


Next up

Fix: Windows 10 not showing disk drive

Elsie Otachi By: Elsie Otachi
7 minute read

Whenever you encounter an issue such as Windows 10 not showing disk drive, or you cannot find or see it under File Explorer, there are […]

Continue Reading

Fix: Windows Defender won’t turn on in Windows 10

Ivan Jenic By: Ivan Jenic
5 minute read

Often we hear people complaining that they cannot turn on Windows Defender in Windows 10, so today we’ve decided to share with you a few […]

Continue Reading

Windows 10 PC stuck on restart? Here are 4 ways to fix it

Andrew Wafer By: Andrew Wafer
4 minute read

Restarting your Windows 10 device should be an intuitive task. However, due to certain reasons the reboot/restart process might cause some problems. More exactly, it […]

Continue Reading