How to Remove Root Certificates from the Trusted Root Store

This article describes how to remove Microsoft's pre-installed,  trusted root certificates from the Trusted Root Store of your Microsoft products.

Removal of the Root Certification Authority makes all certificates that are issued by this Certificate Authority (CA) un trusted, and will require you to make an explicit decision to trust the Certification Authority, when ever you visit a new site.

WARNING: Microsoft have introduced with Windows XP, a capability that allows Microsoft to change, via windows update technologies, your trust points. Additionally this software has removed all warning or pop-up screens that were previously associated with the user acceptance of new trust points. The concept that everyone has to trust a root certificate, just because Microsoft does, is quite bizarre. As the user doesn't see any security dialog boxes or warnings, the effects of any failure could have unknown consequences.
As these technologies enable new trust points to be installed by Microsoft, without your explicit approval, they can circumvent the procedures contained within this article.  Microsoft have also released technology updates for pre-Windows XP platforms to perform the same, or simular functions. We suggest that you carefully consider the issues associated with installing or using this software, as the whole basis upon which you trust organisations or individuals can be made worthless. 


Internet Explorer 5, 5.01, and 5.5

  1. On the Tools menu of Internet Explorer, click Internet Options.

  2. On the Content tab, click Certificates.

  3. On the Intermediate Root Certification Authorities tab, select all certificates (unselect any that you explicitly trust),  and then click Yes.
  4. On the Trusted Root Certification Authorities tab, select all certificates (unselect any that you explicitly trust),  and then click Yes.
  5. Click Close, click OK, and then restart Internet Explorer.

Windows 2000

  1. In Windows 2000, point to Start, and then click Run.
  2. In the Run dialog box, in the Open box, type MMC, and then click OK.

    The Microsoft Management Console (MMC) appears.

  3. In the MMC, on the Console menu, click Add/Remove Snap-in, and then click Add.
  4. In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.
  5. In the Certificates snap-in dialog box, click Computer Account, and then click Next.
  6. In the Select Computer dialog box, enter the name of the computer for the snap-in to manage.
  7. Click Finish, click Close, and then click OK.
  8. Expand the Certificates node.
  9. Expand Trusted Root Certification Authorities.
  10. Click Certificates.

    The details pane appears, showing all of the root CA certificates that are currently trusted.

  11. Delete the root CA certificates that you do not trust.

Microsoft Trusted Root Certificates

The following certificate is used by Microsoft software, you may consider leaving this certificate or explicitly applying trust when you download Microsoft updates. By removing this certificate you will at least know what is being performed without your explicit trust. There are also a couple of Verisign certificates that are used by Microsoft for code signing, but due to a lack of control by Verisign over its certificate issuing processes these should not be trusted without expert advise. 

Issued to Issued by Expiration Date Intended Purposes Friendly Name Status
Microsoft Root Authority Microsoft Root Authority 12/31/2020 <All> Microsoft Root Authority R

VillageMall aims to provide you accurate and up-to-date information, if any information in this article has changed, please advise us, and we will update.

Thank you..