How can you check the installed Certificate Authority in windows 7/8?

To view your certificate stores, run certmgr.msc as described there. The "root" store contains the root CA, i.e. the CA which are trusted a priori. certmgr.msc shows you an aggregate view of all root CA which apply to the current user; internally, there are several relevant stores (the "local machine" stores apply to all users, the "current user" stores are specific to the current user; and there also are "enterprise" stores which are similar to "local machine" but meant to be filled automatically from the AD server of the current domain).

See this page for a list of all CA that Microsoft puts in Windows by default; any discrepancy would be a local variation. The list is occasionally updated, and this is propagated to your computer through the normal Windows update mechanisms.


There is a Microsoft Sysinternals utility that does just that: SigCheck

It has many features and options but what you want is:

sigcheck -tv

and

sigcheck -tuv

-t[u][v] Dump contents of specified certificate store ('*' for all stores). Specify -tu to query the user store (machine store is the default). Append '-v' to have Sigcheck download the trusted Microsoft root certificate list and only output valid certificates not rooted to a certificate on that list. If the site is not accessible, authrootstl.cab or authroot.stl in the current directory are used instead, if present.