Certificate Store Migration

During a computer upgrade or a computer-to-computer migration, the certificates in certain certificate stores will be migrated. The following table lists the certificate stores that are migrated by default. For the system Automatic Certificate Request Settings (ACRS) store, only the certificate trust lists (CTLs) are migrated. For all other stores listed below, only the certificates are migrated.

System/user Store Storage location
${ROWSPAN8}$System${REMOVE}$
ROOT HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates
MY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates
REQUEST HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Request\Certificates
TrustedPublisher HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates
TrustedPeople HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
Disallowed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
CA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
ACRS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ACRS\CTLs
User${REMOVE}$
ROOT HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates
MY file:\\%APPDATA%\Microsoft\SystemCertificates\My\Certificates
REQUEST file:\\%APPDATA%\Microsoft\SystemCertificates\Request\Certificates
TrustedPublisher HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates
TrustedPeople HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
Disallowed HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
CA HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates

 

Other certificate stores created by applications are not migrated by default. Applications that create their own stores are responsible for migration of the stores that they create. To create stores, we recommend that you define a registry key in the application settings and create a store within the registry settings by using the CERT_STORE_PROV_REG store provider. For more information about migrating application settings, see the How To Create a Custom .xml File topic in the Using USMT 3.0 guide at User State Migration Tool 3.0. (This resource may not be available in some languages and countries or regions.)