How to Limit the Number of Trusted Certificate Authorities in IIS

ID: Q216485


The information in this article applies to:

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SUMMARY

Internet Information Services (IIS) 4.0 ships with a number of trusted Certificate Authorities (CA). You may want to remove some of these trusted Certificate Authorities to ensure that only certain ones are used. To do this, follow the steps listed in the section below.


MORE INFORMATION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

  1. Start Registry Editor (Regedt32.exe).


  2. Locate the following key in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CertificationAuthorities


  3. When you see a list of all the trusted Certificate Authorities, highlight one of the Certificate Authorities listed that you do not want to trust.


  4. With the name highlighted, click Edit, and then click Delete.


  5. When you are asked to confirm that you want to delete this entry, click Yes.


  6. Repeat steps 3 through 5 until the list contains only the CA names that you want to trust.


Note: In order for this change to take effect, you must restart the IIS computer.
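
An added example, not part of the original article: after step 6, one way to confirm that only the intended CAs remain is to export the key to a text file and compare its subkeys against the list you intend to trust. It assumes the export is REGEDIT4-style text with one [key path] line per subkey; the CA names, the value line, and the function names are constructed for illustration.

```python
# Added example: audit an exported copy of the CertificationAuthorities key
# against an allowlist. All CA names and the sample export are constructed.
CA_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
          r"\SecurityProviders\SCHANNEL\CertificationAuthorities")


def ca_subkeys(export_text):
    """Return the names of the direct subkeys of CA_KEY found in the export."""
    prefix = CA_KEY.lower() + "\\"
    names = []
    for line in export_text.splitlines():
        line = line.strip()
        # Key lines look like [HKEY_...\Name]; value lines are skipped.
        if not (line.startswith("[") and line.endswith("]")):
            continue
        path = line[1:-1]
        if not path.lower().startswith(prefix):
            continue  # the parent key itself, or an unrelated key
        name = path[len(prefix):].split("\\", 1)[0]
        if name and name not in names:
            names.append(name)
    return names


def audit(export_text, allowlist):
    """Compare exported CA subkeys with the CAs that should stay trusted."""
    # Registry key names are case-insensitive, so compare lowercased.
    allowed = {n.lower() for n in allowlist}
    present = ca_subkeys(export_text)
    seen = {n.lower() for n in present}
    return {
        "still_to_delete": [n for n in present if n.lower() not in allowed],
        "missing": [n for n in allowlist if n.lower() not in seen],
    }


# Constructed sample export (assumed format, placeholder CA names and value).
SAMPLE_EXPORT = "\n".join(
    ["REGEDIT4", "", "[" + CA_KEY + "]", ""]
    + [line for ca in ("One", "Two", "Three") for line in (
        "[" + CA_KEY + "\\Constructed Root CA " + ca + "]",
        '"ConstructedValue"=hex:00', "")]
)
ALLOWLIST = ["constructed root ca one", "Constructed Root CA Four"]

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, ALLOWLIST))
```

An empty "still_to_delete" list means the procedure is complete; a non-empty "missing" list means a CA you intended to keep is no longer under the key.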



Version           : winnt:4.0
Platform          : winnt 
Issue type        : kbhowto 

Last Reviewed: April 6, 1999