Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. Administrators can configure the default set of trusted CAs and install their own private CA for verifying software. On how to create a certificate signing request, see the guide “create a certificate signing request using the MMC”.
Note: Be aware that all current user certificate stores except the Current User/Personal store inherit the contents of the local machine certificate stores. For example, if a certificate is added to the local machine Trusted Root Certification Authorities certificate store, all current user Trusted Root Certification Authorities certificate stores (with the above caveat) also contain the certificate.
In a nutshell,
– Trusted Root CA store is for root CA certificates you want to trust. You rarely want to put certificates here due to its security implementation.
– Personal store is for certificates you want to trust. You will put your certificate here.
Note: This can also be done via the command line.
For what a PEM file is, see this link.
On windows, this can be achieved with the following steps below without using a 3rd party tool and there are different ways to accomplish this.
– Ensure the certificate that you would like to convert is first imported to the certificate store. In this way, you can export and save it in the desired format.
– On the Welcome to certificate Import Wizard, Click on Next
– Browse to the file you would like to import and
– Click on Next
Note: Remember to select the wildcard file type, or else this might not work
– Place the certificate in the Personal certificate store.
– Complete the Certificate Import Wizard as shown below
If successfully imported, you will get a certificate Import Wizard Success.
Additional piece if you are interested
The certificate store is central to all certificate functionality. The certificates are managed in the store using functions with a "Cert" prefix. Certificates, CRLs, and CTLs can be kept and maintained in certificate stores. They can be retrieved from a store where they have been persisted for use in authentication processes.
Certificates in a certificate store are normally kept in some kind of permanent storage such as a disk file or the system registry. Certificate stores can also be created and opened strictly in memory. A memory store provides temporary certificate storage for working with certificates that do not need to be kept.