Open MMC Certificate Manager for the local computer (referred from now on as to as CertManager in this doc)
- Log into the Windows IdP instance
- Run 'mmc.exe'
- File menu -> Add/Remove Snap-in...
- select 'Certificates', add, Computer account, Local computer, OK
More detailed instructions: Add the Certificates Snap-in to an MMC Unless otherwise stated, all settings should be left as default - screenshots show the more complex changes required as appropriate