How to Limit the Number of Trusted Certificate Authorities in IIS

ID: Q216485


The information in this article applies to:
  • Microsoft Internet Information Server version 4.0

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SUMMARY

Internet Information Services (IIS) 4.0 ships with a number of trusted Certificate Authorities (CA). You may want to remove some of these trusted Certificate Authorities to ensure that only certain ones are used. To do this, follow the steps listed in the section below.


MORE INFORMATION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

  1. Start Registry Editor (Regedt32.exe).


  2. Locate the following key in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHA
    NNEL\CertificationAuthorities


  3. When you see a list of all the trusted Certificate Authorities, highlight one of the Certificate Authorities listed that you do not want to trust.


  4. With the name highlighted, click Edit, and then click Delete.


  5. When you are asked to confirm that you want to delete this entry, click Yes.


  6. Repeat the previous steps until you have a list of all of the CA names that you want to trust.


Note: In order for this change to take effect, you must restart the IIS computer.

Additional query words: CA IIS

Keywords :
Version : winnt:4.0
Platform : winnt
Issue type : kbhowto


Last Reviewed: April 6, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.