When I look at my certificates using windows explorer.  I see that I have 11 certificates.  Listed in C:\User\ron\appdata\roaming\microsoft\system certificates\My\Certificates.  When I do the following powershell command I only see 3 certificates listed.  The thumbprint for the three that are listed does not match any of the eleven.  I did have a command earlier in the day that listed 5 certificates.  But I can't find that previous command.

How do I list information about these 11 certificates?  Why don't these three certificartes show up in My/certificates?

Thanks

RAC

dir Cert:\CurrentUser\My

    Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\My


Thumbprint                                Subject
----------                                -------
9FE53615DBA82CB6882603C559C23  CN=PowerShell User
8343057DF7E5ECBC23E9845987AE6  CN=PowerShell User
037E016E7B4197B5E80D35D1A0F1E  CN=PowerShell User

Note: Thumbprint has some numbers deleted

These files are not certificates, they are private key files. Public parts of the certificate are usually stored in registry.

Ok I used the wrong term to describe the 11 items in the My folder.  The question is

why don't the show up when I do dir Cert:\CurrentUser\My

Thanks

RAC

The DIR command only returns certificate objects when typed in the Cert:\CurrentUser\My directory.

The output is the expected output.

Brian

Then how do I tell what the other 8 items in the My folder are associated with?

RAC

Already answered by Vadims.

You are looking at the file system at an unfiltered view.

To view User certificates, use either:

certmgr.msc or DIR in the CERT:\CurrentUser\My folder.

Brian

Yes Vadims said that they are private keys.  But private keys for what?

I'm not very familiar with certificates.  But if I cd to c:\users\ron\appdata\roaming\microsoft\system certificates\certificates\My I see 11 items.  When I do the dir cert:\currentuser\My three items are displayed.

When I use certmgr.msc I see three items in personal. 

> But private keys for what?

for some public keys/certificates. When you run "dir cert:\currentuser\my" command, it returns installed certificates with public keys. If public key in the certificate has associated private key, the private key is stored in the mentioned folder. In other words, public and private keys are not stored in the same place. Public certificate is stored in registry, associated private key in the file system. It is not that easy to map private key to certificate object, as this mapping is controlled by cryptographic service provider. When you delete certificate from the store, the private key is not deleted.

Based on this information, I can suspect that private key folder contains 3 (or less) private key files for installed certificates, the rest files are orphaned keys for already deleted certificates.

Thanks. I ran certmgr.exe and found all 11 items under the personal/certificates.  Some are for powershell.  Some are for <username>  some are for <systemname>\<username>.

Not sure how they were created with systemname/username or just username.  If the certificate was deleted would it show up in the certmgr.exe personal/certificate folder?

Thanks

RAC

> Not sure how they were created with systemname/username or just username

they might be created automatically by some applications and which provide a functionality to autogenerate the certificate if there is no suitable one.

> If the certificate was deleted would it show up in the certmgr.exe personal/certificate folder?

no.

Thanks for all the help.  For what ever reason the last dir cert:\CurrentUser\My is now

showing all eleven items.

RAC