Configuring a TLS destination by using the Windows certificate stores

In WinCollect 10.1.2 and later versions, you can change the TLS truststore source that is used to connect to a destination that uses the TLS or mTLS protocols.

About this task

The TLS truststore is the collection of certificates the agent considers to be trusted when validating incoming server certificates during a connection. You can select the source to be used from the TLS truststore source list.

When the default value Use Windows certificate stores is selected, the agent searches the local machine's Windows certificate stores for installed certificates to validate incoming server certificates. If Use provided TLS certificate is selected, the agent uses only the provided certificate file path or contents for validation. This option can be used for the TLS and mTLS protocols.

Before you set up a destination to use the Windows certificate stores, ensure that your certificates are installed on the local machine. Windows has many root certificate authorities installed by default that can be used by the agent without any additional configuration. Otherwise, users can install their own certificates as needed. The certificates can be in any of the local machine's stores, and multiple certificates in a chain do not need to be in the same store. Certificates that are installed for a specific user on the machine are not used. When Use Windows certificate stores is selected, the agent automatically pulls certificates from the machine stores on connection, and attempts to use one or more of them to validate incoming server certificates. You can view and manage certificate stores by using the Manage computer certificates tool on your Windows machine.
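The following PowerShell check is an added example, not part of the WinCollect product or its documentation. It takes an exported copy of the destination's server certificate and reports, for each issuer in its chain, which local machine stores hold a matching certificate, or whether the match exists only in a per-user store. The function name and file path are assumptions, and issuers are matched by subject name only, which approximates but does not replace real chain validation.

```powershell
# Added example. Function name and the sample path are assumptions.
function Get-MachineStoreChain {
    param([Parameter(Mandatory)] [string] $ServerCertPath)  # exported .cer/.pem file

    $certType = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $current  = $certType::new((Resolve-Path $ServerCertPath).Path)
    # -Recurse also returns store objects, so keep only certificates.
    $machine = @(Get-ChildItem Cert:\LocalMachine -Recurse | Where-Object { $_ -is $certType })
    $user    = @(Get-ChildItem Cert:\CurrentUser  -Recurse | Where-Object { $_ -is $certType })
    $now     = Get-Date

    for ($depth = 0; $depth -lt 10; $depth++) {            # guard against issuer loops
        $issuer = $current.Issuer
        $hits   = @($machine | Where-Object { $_.Subject -eq $issuer })

        if ($hits.Count -eq 0) {
            # Per-user installs are not used by the agent, so call them out.
            $inUser = @($user | Where-Object { $_.Subject -eq $issuer }).Count -gt 0
            $status = if ($inUser) { 'CurrentUser only (not used by the agent)' } else { 'Not in any LocalMachine store' }
            [pscustomobject]@{ Issuer = $issuer; Stores = ''; Status = $status }
            return
        }

        # Chain links may sit in different machine stores; list every store that matches.
        $stores = ($hits | ForEach-Object { ($_.PSParentPath -split '\\')[-1] } |
                   Sort-Object -Unique) -join ', '
        $valid  = @($hits | Where-Object { $_.NotBefore -le $now -and $_.NotAfter -ge $now })
        $status = if ($valid.Count) { 'Found' } else { 'Found, but outside validity period' }
        [pscustomobject]@{ Issuer = $issuer; Stores = $stores; Status = $status }

        $next = if ($valid.Count) { $valid[0] } else { $hits[0] }
        if ($next.Subject -eq $next.Issuer) { return }      # self-signed root reached
        $current = $next
    }
}

# Constructed sample path; export the destination's server certificate there first.
Get-MachineStoreChain -ServerCertPath 'C:\Temp\destination-server.cer' |
    Format-Table -AutoSize -Wrap
```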


  1. Follow the steps to Add a new destination.
  2. Select TLS from the Protocol list.
  3. Select Use Windows certificate stores from the TLS truststore source list.
  4. Click Save.
    The WinCollect agent now attempts to validate incoming server certificates by checking the certificates that are installed in the local machine's Windows certificate stores.