Windows Local Certificate Report

In this guide, you will learn how to use the Local Certificates Report Tool to report on server’s locally installed certificates. This is a simple solution to creating an inventory of installed windows certificates and finding expired ones. The tool will report on certificates from the following stores:

Personal
Trusted Root Certification Authorities
Trusted Publishers

Requirements:

The remote registry Windows service needs to be started on the target computers.
Windows servers this service is set to automatic by default.
Windows client computers (10/11) the service is disabled by default.

Step 1. Open Local Certificate Tool

Click on “Security Tools” > Local Certificates Report

local cert report

Step 2. Select computers to scan

By default, all computers will be scanned. “Click “Browse” to select an OU or click “Search” to select a specific computer.

Click “Run” to start the scan.

local cert report example

The report includes the following columns:

Computer
Store Name
Issued To
Issued By
Expiration Date
Friendly Name
Status
Thumbprint

You can export the report by clicking the “Export” button.