Disable a Root Certificate in Windows MMC

SSL.com wants you to be able to manage your own security architecture whenever possible, and thus presents here a method for disabling a root certificate in Windows using Microsoft Management Console (or MMC). Note that you may need to run MMC with Administrator privileges to follow the instructions below.

WARNING! Manually messing about with root certificates is serious juju and can cause serious and unpleasant problems.  Remember to always back up your computer before proceeding with any of the steps below. We completely believe your computer should be yours to fix or break – however, SSL.com cannot guarantee the steps given below will not cause other serious problems, and is not liable for any issues that arise from following these instructions.

To Disable a Root Certificate with MMC:

Here’s how to disable a root certificate in Microsoft Management Console.

  1. Open MMC by pressing the Windows key on your keyboard and then typing “MMC”…


    …then hit Enter or double-click the icon to start the application.


  2. In MMC, select File > Add/Remove Snap-In (or type control-M).


  3. Add the “Certificates” Snap-In.
  4. Select “Computer Account” and click the Next button…


    …then select “Local computer”, then the Finish button.


  5. Click OK to close the Add/Remove Snap-In wizard.
  6. In MMC, click the arrow next to “Certificates (Local Computer)” to reveal the various certificate stores, then click the arrow next to your target certificate, and finally click the “Certificates” folder.

    NOTE: In this example, we are disabling a self-signed certificate named “USERTrust RSA Certification Authority” in the root store, but the same steps can be used to disable the Superfish certificate – look for “Superfish” or “VisualDiscovery” in the target certificate.


  7. In the list of certificates, look for your target entry (here, “USERTrust RSA Certification Authority”).
  8. Right-click the target entry and select “Properties” from the dropdown menu.
  9. In the Properties panel, select “Disable all purposes for this certificate”, then click Apply to implement the changes and OK to close the panel.


  10. Now restart your Windows computer to have your changes take effect.
Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Subscribe To SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.