Remove or Disable a Root Certificate

What with Lenovo’s widely-misunderstood effort to give consumers more choice by overriding their security settings, your newsfeed is likely chock-a-block with references to “root certificates” and suggestions to remove or disable the one which Superfish uses to do its groovy thing. We want you to have the knowledge you need to remove or disable any unwanted certificate. Below you will find instructions for removing a root certificate in Firefox, Internet Explorer or via Microsoft Management Console (or MMC).

WARNING! Manually messing about with root certificates is serious juju and can cause serious and unpleasant problems. Remember to always back up your computer before proceeding with any of the steps below. We completely believe your computer should be yours to fix or break – however, we cannot guarantee the steps given below will not cause other serious problems, and are not liable for any issues that arise from following these instructions.

Superfish and Root Certificates

Many Lenovo customers are getting a first-hand education (very unwillingly) in what happens when you have an untrusted party hijack a root certificate. For a fuller account of Superfish, please read our article by K. Paul Mallasch on the subject. For our purposes, here are the major points:

  1. Although removing the Superfish program is a phenomenally good idea, the serious security issue caused by Superfish is NOT resolved by simply uninstalling the software – you MUST disable the root certificate installed by Superfish or your system will still be vulnerable.
  2. The Superfish certificate will contain the phrase “Superfish Inc. VisualDiscovery” or just “VisualDiscovery” – we suggest you disable any and all entries in your root certificate store with these phrases included.
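
To locate the entries described in point 2 on Windows before touching anything, the following PowerShell lists them read-only. It is an added example, not part of the original article; the function name Find-RootCertByPhrase is hypothetical, and it checks only the Windows machine and user root stores.

```powershell
# Added example (not from the original article): read-only search of the
# Windows trusted-root stores for certificates whose Subject or Issuer
# contains the phrases the article names. Nothing is modified or deleted.

function Find-RootCertByPhrase {
    param(
        # Phrases taken from the article; pass others to hunt a different certificate.
        [string[]]$Phrase = @('Superfish', 'VisualDiscovery'),
        # Machine-wide and per-user trusted root stores.
        [string[]]$Store  = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    foreach ($path in $Store) {
        Get-ChildItem -Path $path | Where-Object {
            $cert = $_
            # Keep the certificate if any phrase appears in Subject or Issuer.
            $Phrase | Where-Object {
                $cert.Subject -like "*$_*" -or $cert.Issuer -like "*$_*"
            }
        } | Select-Object @{ Name = 'Store'; Expression = { $path } },
                          Subject, Issuer, Thumbprint, NotAfter, HasPrivateKey
    }
}

$hits = Find-RootCertByPhrase
if ($hits) {
    # Record the thumbprints so the exact entries can be found again in
    # Internet Explorer or MMC when following the removal instructions.
    $hits | Format-List
} else {
    'No matching certificates found in the root stores checked.'
}
```

Firefox keeps its own certificate store, so an empty result here says nothing about Firefox; check it separately using the Firefox instructions.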

Removing or Deleting a Root Certificate

Click here for instructions on deleting a root certificate in Firefox.
Click here for instructions on deleting a root certificate in Internet Explorer.
Click here for instructions on disabling a root certificate in Microsoft Management Console.