Windows maintains a list of trusted root certificates, which are used when you visit websites that use the HTTPS protocol for security. A website using HTTPS will have a security certificate that has usually been signed by some more trusted entity. A site can use a self-signed certificate, but when you first visit such a site your browser will warn you that its certificate can't be verified, though your connection will still be encrypted if you visit the site. You then usually have the opportunity to accept that certificate either temporarily or permanently, or you can choose not to visit the site.
For signed certificates, the trustworthiness of the signer is vital. There may be a certificate chain, in which the certificate of the site you are viewing is signed by some entity whose own certificate was in turn signed by an even more trustworthy authority. Eventually, the chain ends at a trusted root certificate. To be safe when visiting sites and providing credentials, such as user IDs and passwords, you need to have a trusted chain of certificates. It is vital that the root certificates you have on your system belong to very trustworthy authorities. Microsoft distributes a list of trusted root certificates with its operating system, and browsers such as Firefox may have their own list. Some malware, such as Genius Box, will install its own certificate in the Windows trusted root certificates list. This makes a system susceptible to a man-in-the-middle attack, as the Genius Box software also sets itself up as an HTTP and HTTPS proxy on a system it infects.
To view the list of trusted root certificates on a Microsoft Windows system, see Viewing the Trusted Root certificates on a Windows system.
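The following PowerShell script is an added example, not part of the original article: it checks for the combination described above, a root certificate that was not there before plus a configured proxy. The baseline file name `root-baseline.txt` is a hypothetical choice, and the script assumes its first run happens on a machine you consider clean.

```powershell
# Added example: review list for the Windows Root stores and the user's proxy settings.
# $BaselinePath is a hypothetical file holding one known-good thumbprint per line.
param(
    [string]$BaselinePath = '.\root-baseline.txt'
)

$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# Collect every certificate currently trusted as a root.
$current = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        [pscustomobject]@{
            Store      = $store
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            NotBefore  = $_.NotBefore
            NotAfter   = $_.NotAfter
        }
    }
}

if (-not (Test-Path -Path $BaselinePath)) {
    # First run on a machine you consider clean: record the baseline and stop.
    $current.Thumbprint | Sort-Object -Unique | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath"
    return
}

# Roots present now but absent from the baseline need a human look.
$known = @(Get-Content -Path $BaselinePath)
$unexpected = $current | Where-Object { $known -notcontains $_.Thumbprint }

if ($unexpected) {
    Write-Output 'Root certificates not in the baseline:'
    $unexpected | Format-Table -Property Store, Thumbprint, Subject, NotBefore -AutoSize
} else {
    Write-Output 'No root certificates beyond the baseline.'
}

# A rogue root matters most when traffic is also redirected through a proxy,
# so show the current user's proxy settings next to the certificate findings.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
} | Format-List
```

Windows also adds roots on its own through its automatic root certificate updates, so an entry in the output is a prompt to verify the certificate's owner, not proof of infection.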