Default CA Certificate and CRL Storage

Applies To: Windows Server 2003 with SP1

During the installation of the root CA, the root certificate is saved to the following locations:

  • \\Localhost\Certenroll

  • \\Locahost\Certconfig

  • The Certificates MY store of the local computer

  • The Trusted Root Certification Authorities container in the local computer registry

The initial CRL is published in the following locations:

  • \\Localhost\Certenroll

  • The Intermediate Certification Authorities container in the registry of the local computer

The CA certificate of the stand-alone CA is stored in the following locations:

  • \\Localhost\Certenroll

  • \\Locahost\Certconfig

  • Certificates store of the local computer. To look at the store, do one of the following:

    • In the Certificates MMC, in the console tree, double-click Certificates (Local Computer), double-click Registry, and then click Certificates.

    • In the Certificates MMC, in the console tree, double-click Certificates (Local Computer), double-click Intermediate Certification Authorities, double-click Registry, and then click Certificates.

The CRL of the root CA should be stored in the following locations:

  • Certificates store of the local computer. To look at the store, do the following:

    • In the Certificates MMC, in the console tree, double-click Certificates (Local Computer), double-click Intermediate Certification Authorities, double-click Registry, and then click Certificate Revocation List

The CRL of the stand-alone CA is stored in the following locations:

  • File share \\Localhost\Certenroll

  • Certificates store of the local computer. To look at the store, do the following:

    • In the Certificates MMC, in the console tree, double-click Certificates (Local Computer), double-click Intermediate Certification Authorities, double-click Registry, and then click Certificate Revocation List