Find Rogue Root Certificates with RootCertificateCheck Tool

RootCertificateCheck is a small program that checks your Windows system for rogue root certificates. These certificates could be installed by malicious programs or might have been compromised by hackers. For example, a few years ago a security breach in DigiNotar systems had resulted in fraudulent certificates. Later on DigiNotar root certificates had to be removed from all the computers through Windows Update. Similarly, in January 2018 there was news of security breach in Equifax systems and the Equifax root certificates were revoked later.

Using the RootCertificateCheck (RCC) program you can find if you have any fraudulent or suspicious root certificates installed in your Windows PC. This program works in Windows 7, Windows 8.x and Windows 10. RCC is a portable program with command line interface that not only scans Windows operating system but also Mozilla Firefox web browser (if it is installed) for suspicious root certificates.

You can just download and run RCC to make it scan your system. It will open a small command line interface window and display the progress as it scans your system. If it finds any “interesting” root certificates, it will show the findings in bright red color and give you  suggestion to distrust these certificates if needed.


If you want to delete or disable these suspicious certificates, you should first research online about them in order to make sure that you do not delete or disable an important root certificate. Removing important root certificates can result in problems when using your Windows PC normally.

If you are completely sure that a root certificate can be disabled safely, then you can launch Certificates Manager. In order to launch Certificates Manager, you can first use hotkey Win+R, type certmgr.msc in the Run dialog and press Enter.

If the root certificates are found to be malicious in Firefox, then you can simply remove your Firefox profile and reinstall Mozilla Firefox all over again.

Our Opinion: RCC can give you a hint about possible fraudulent root certificates installed in your PC. But it does not say for sure if these certificates are malicious. For this reason, it should be used only by advanced Windows users who understand everything about the root certificates.

You can download RCC from