Windows 2000 Certificate Services and Public Key Infrastructure |
The Certificates console is an MMC
You can use the Certificates console to perform the following tasks:
For more information about how to use the Certificates console to do these tasks, see Certificate Manager Help.
To add a Certificates console to MMC
– Or –
Press CTRL+M.
The Add/Remove
The Add Standalone
The Certificates
The Certificates console manages the certificate stores for this account.
If you selected My user account, the Add Standalone
If you selected Service account or Computer account, the Select Computer dialog box appears. To manage the local computer, click Next. To manage another computer, either type the domain name of the computer in Another computer, or click Browse to select the computer from a list. Then click Next.
If you selected Computer account, the Add Standalone
If you selected Service account, the Certificates
The Add/Remove
Figure 16.4 shows an example of three Certificates console nodes that have been added to MMC. The first Certificates console node manages certificates for the logged on user. The second Certificates console node manages certificates for the World Wide Web Publishing service for the local computer. The third Certificates console node manages certificates for the local computer itself.
Figure 16.4 Certificates Console
The Certificates console nodes in Figure 16.4 have been expanded to show the logical certificate stores. This is called the Logical display mode. You also have the option of viewing certificates by their physical stores or by their purpose.
To change the display mode, select the Certificates console (such as the Certificates - Current User console). Click View and then click Options. When the View Options dialog box appears, you can choose from the display mode options that are described in Table 16.3.
Table 16.3 View Options Dialog Box
Option | Description |
---|---|
Certificate purpose | Select this option to view certificates in the Purposes display mode, in which certificates are grouped by the intended purpose of the certificates, such as Encrypting File System, File Recovery, and Code Signing. |
Logical certificate stores | Select this option to view certificates in the Logical display mode, in which certificates are grouped by the logical store where they are located. This is the default display mode. |
Physical certificate stores | Select this option to view the physical stores in addition to the logical stores. This option is available for the Logical display mode only. |
Archived certificates | Select this option to view archived certificates. When certificates expire or are renewed, Windows 2000 maintains archives of the certificates and their private keys. Retaining archived certificates is recommended because you might need to use the certificate and its private key later. For example, you might have to verify digital signatures for old documents that were signed with a key for a currently expired or renewed certificate. |