Certificate Store Migration
During a computer upgrade or a computer-to-computer migration, the certificates in certain certificate stores will be migrated. The following table lists the certificate stores that are migrated by default. For the system Automatic Certificate Request Settings (ACRS) store, only the certificate trust lists (CTLs) are migrated. For all other stores listed below, only the certificates are migrated.
System/user | Store | Storage location |
---|---|---|
${ROWSPAN8}$System${REMOVE}$ |
ROOT | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates |
MY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates |
|
REQUEST | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Request\Certificates |
|
TrustedPublisher | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates |
|
TrustedPeople | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates |
|
Disallowed | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates |
|
CA | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates |
|
ACRS | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ACRS\CTLs |
|
User${REMOVE}$ |
ROOT | HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates |
MY | file:\\%APPDATA%\Microsoft\SystemCertificates\My\Certificates | |
REQUEST | file:\\%APPDATA%\Microsoft\SystemCertificates\Request\Certificates | |
TrustedPublisher | HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates |
|
TrustedPeople | HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates |
|
Disallowed | HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates |
|
CA | HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates |
Other certificate stores created by applications are not migrated by default. Applications that create their own stores are responsible for migration of the stores that they create. To create stores, we recommend that you define a registry key in the application settings and create a store within the registry settings by using the CERT_STORE_PROV_REG store provider. For more information about migrating application settings, see the USMT guide at User State Migration Tool (USMT). (This resource may not be available in some languages and countries or regions.)