CertUtil Windows Update gives me 430+ certificates?

Asked Feb 04 '22 at 02:53

Active Feb 04 '22 at 02:53

Viewed 186 times

There are several well known methods of downloading certificate lists from Microsoft, including certutil -generateSSTfromWU c:\my_cert\

Doing that (or just downloading authrootstl.cab) gives me a collection of more than 400 root certificates.

Now, I know that none of my connected servers have that many certificates loaded: and I just looked at a Win10 workstation and it has ~90 trusted root certificates and around 70 third-party root certificates.

Why is it so? How many trusted root certificates does Windows start with, and why is there this much larger list?

asked Feb 04 '22 at 02:53

user165568

Windows includes the most common root CA's. There's no linkage with what ships with Windows, and the authorities that have qualified and are registered with the Trusted Root CA program. – Greg Askew Feb 04 '22 at 03:41
in total, there is around 400 trusted roots in Windows Root Program. Someone just unloaded the full CTL into certificate store. – Crypt32 Feb 04 '22 at 07:45

CertUtil Windows Update gives me 430+ certificates?

0 Answers0