Q: How can I validate the public key infrastructure (PKI) certificates that are in my personal certificate store on my Windows machine?
A: An easy way to validate whether you have valid certificates in your personal certificate store is to use the certutil utility from the command line, like so:
- certutil -verifyStore MY
In this command, the MY verb tells the certutil utility to check the certificates in the personal certificate store of the account that's executing the command. The utility will verify each certificate's expiration date and private key status. It'll also perform an encryption test, revocation check, and certificate chain validation. The certutil utility is included in Windows OSs by default.