Local Certificate Report

Description: In this guide, you will learn how to use the Local Certificates Report Tool to report on server’s locally installed certificates. This is a simple solution to creating an inventory of installed windows certificates and finding expired ones. The tool will report on certificates from the following stores:

  • Personal
  • Trusted Root Certification Authorities
  • Trusted Publishers


  • The remote registry Windows service needs to be started on the target computers.
    • Windows servers this service is set to automatic by default.
    • Windows client computers (10/11) the service is disabled by default.


Step 1. Click on Local Certificates Report from the management tools page.

Step 2. Click Run to scan all domain computers. Click browse to select an OU or group.

The report includes the following columns:

  • Computer
  • Store Name
  • Issued To
  • Issued By
  • Expiration Date
  • Friendly Name
  • Status
  • Thumbprint