Which certificate stores does CIS scan to check certificates?
I ask because it seems that I have more certificates installed on my computer (shown via the Windows Management Console) than CIS is scanning with a Trusted Ratings scan.
Any clarification as to what is going on here would be great!
So my Trusted Root Certs show having a total of 66 but CIS is showing a total of 64.
Check for “My user account” instead of local computer when you add the certificates snap-in. Also check the amount under the 3rd party root CA store.
So under both Current User and Local Computer:
Trusted Root Certification Authorities - 66
Third-Party Root Certification Authorities - 51
You most likely have excluded some certificates, check your excluded certificates authorities.
I checked that but it’s empty.
Seems there are 2 duplicate certificates (same thumbprint) in my root store.