SSL.com wants you to be able to manage your own security architecture whenever possible, and thus presents here a method for disabling a root certificate in Windows using Microsoft Management Console (or MMC). Note that you may need to run MMC with Administrator privileges to follow the instructions below.
To Disable a Root Certificate with MMC:
Here’s how to disable a root certificate in Microsoft Management Console.
-
Open MMC by pressing the Windows key on your keyboard and then typing “MMC”…
…then hit Enter or double-click the icon to start the application.
-
In MMC, select File > Add/Remove Snap-In (or type control-M).
- Add the “Certificates” Snap-In.
-
Select “Computer Account” and click the Next button…
…then select “Local computer”, then the Finish button.
- Click OK to close the Add/Remove Snap-In wizard.
-
In MMC, click the arrow next to “Certificates (Local Computer)” to reveal the various certificate stores, then click the arrow next to your target certificate, and finally click the “Certificates” folder.
NOTE: In this example, we are disabling a self-signed certificate named “USERTrust RSA Certification Authority” in the root store, but the same steps can be used to disable the Superfish certificate – look for “Superfish” or “VisualDiscovery” in the target certificate.
- In the list of certificates, look for your target entry (here, “USERTrust RSA Certification Authority”).
- Right-click the target entry and select “Properties” from the dropdown menu.
-
In the Properties panel, select “Disable all purposes for this certificate”, then click Apply to implement the changes and OK to close the panel.
- Now restart your Windows computer to have your changes take effect.
