RootIQ is a new and powerful solution for managing your trusted root certificates on Windows. It offers a number of unique and powerful features: Provide an accurate view of roots trusted by your system (unlike certmgr / certlm.msc which only show currently cached roots) Run exposure analysis to identify suspicious and dormant roots (More detailed reports are on the todo list) Reduce exposure to unneeded roots by apply stricter root sets, such as Google/Mozilla trust stores View accurate country and owner entity information for each root, so you can further minimize your attack surface by distrusting unneeded ones After years of development, a limited beta release is now available at www.metasudo.com. It was initially inspired by the RCC tool (for those who remember it!), but is much more powerful in many ways. More information at www.metasudo.com. The first commercial release (with regular signature updates) will be available soon.