Last Updated on December 3, 2023
An SSL certificate is a digital certificate that chains back to a trusted root certificate, so that information on digital platforms stays secure. People will not trust just any website or internet browser without checking that the information is secured and encrypted. When a website loads in a browser, the browser checks that the site's digital certificate chains back to a trusted root. Browsers do not trust an arbitrary digital certificate. The certificate must come from a trusted root and brand belonging to a reputable, trustworthy organization.
What is a Root Certificate?
SSL/TLS certificates are digital certificates that chain back to a trusted root certificate. This is called certificate chaining, and it is how trust is established. When a user visits a website, the browser checks everything for safety purposes. The user cannot trust a website completely, no matter what type of website it is or which website is being accessed. On each visit, the browser first verifies whether the website has a digital certificate installed and whether that certificate chains back to a trusted root. This is why website owners are recommended to install the intermediate certificates along with the SSL certificate: they complete the certificate chain.
A root certificate is a special type of X.509 digital certificate issued by trusted certificate authorities (CAs) such as Sectigo, DigiCert, and Comodo. Compared to end-user or leaf SSL/TLS certificates, root certificates have a longer validity period. End-user or leaf SSL/TLS certificates come with only a one- or two-year validity period.
Why Should You Remove a Root Certificate?
Root certificates are the foundation of authentication and security. The certificate authority (CA) issues the root certificate, which helps verify software and the owner of a website, making the identity of the website owner clear. If a cybercriminal holds the private key belonging to a root certificate, the result is dangerous: the attacker can create their own certificates and sign them with that private key. If a root certificate generated by attackers is present in the root certificate store, every leaf certificate signed with that private key is trusted. This can lead to attacks such as MITM (man-in-the-middle) or malware installation. That is why it is recommended to distrust such a root certificate by removing it from the list.
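The two effects described above, a chain left incomplete without the intermediate certificate and a leaf that stops being trusted once its root is out of the store, can be reproduced with a throwaway PKI. This is an added example, not part of the original article; it assumes OpenSSL 1.1.1 or later, and every name in it (the "Demo ..." CAs, www.example.test, the store_*.pem bundles) is constructed for the demo.

```sh
#!/bin/sh
# Constructed demo PKI with throwaway keys; every name here is hypothetical.

# mkreq NAME CN: new RSA key (NAME.key) and signing request (NAME.csr).
mkreq() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# build_demo_pki DIR: two self-signed roots, an intermediate and a leaf,
# plus two trust-store bundles. Runs in a subshell so the caller's cwd is kept.
build_demo_pki() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    for r in root other; do
        mkreq "$r" "Demo $r CA"
        openssl x509 -req -in "$r.csr" -signkey "$r.key" -days 30 \
            -extfile ca.ext -out "$r.pem" 2>/dev/null
    done
    mkreq int "Demo Intermediate CA"
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 1 \
        -days 30 -extfile ca.ext -out int.pem 2>/dev/null
    mkreq leaf "www.example.test"
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -set_serial 2 \
        -days 30 -extfile leaf.ext -out leaf.pem 2>/dev/null
    cat root.pem other.pem > store_with_root.pem  # trust store before removal
    cp other.pem store_root_removed.pem           # same store, demo root removed
)

# chain_verifies STORE LEAF [INTERMEDIATES]: true only if LEAF chains to a root
# in STORE, using just the intermediates the server supplied (if any).
chain_verifies() {
    if [ -n "${3:-}" ]; then set -- "$1" "$2" -untrusted "$3"; fi
    store=$1 leaf=$2; shift 2
    openssl verify -no-CAfile -no-CApath -CAfile "$store" "$@" "$leaf" 2>/dev/null |
        grep -q ': OK$'
}

report() { if chain_verifies "$@"; then echo trusted; else echo "NOT trusted"; fi; }

d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
build_demo_pki "$d"
echo "root in store, intermediate installed: $(report "$d/store_with_root.pem" "$d/leaf.pem" "$d/int.pem")"
echo "root in store, intermediate missing:   $(report "$d/store_with_root.pem" "$d/leaf.pem")"
echo "root removed from store:               $(report "$d/store_root_removed.pem" "$d/leaf.pem" "$d/int.pem")"
```

Only the first case verifies; the leaf certificate itself is identical in all three, which shows that trust comes from the chain and the store rather than from the leaf.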
How to Remove a Root Certificate?
If a problem occurs or a root certificate is compromised, operating systems and browsers need to remove it from their trusted root stores in the next update. That leaves you two options: wait for the next update, or remove the root certificate yourself. Removing a root certificate from the trusted store is simple, but be careful before going further, because tampering with root certificates can cause severe issues. First take a complete backup of your computer so that all your data is saved and nothing is lost if anything goes wrong. The steps below cover the root stores of operating systems and web browsers: Microsoft, Apple, Mozilla Firefox, and Android. Google Chrome, the most popular browser in the world, uses the root store of the operating system.
Remove a Root Certificate from Microsoft Windows 10/8
- Click the Start or Windows button and type MMC in the Run box. Microsoft Management Console will launch.
- Click the File menu and select Add/Remove Snap-in.
- Select Certificates from the list on the left and click Add.
- In the next window, select Computer Account, then Local Computer, and click OK.
- Click the arrow beside Certificates (Local Computer) to expand the certificate stores.
- To remove or disable a root certificate, click the arrow beside the root certificate store and open the folder named Certificates.
- Find the certificate you want to delete in the list and select Properties.
- Select the Disable all purposes for this certificate option and click Apply.
- After completing all the steps, restart the computer.
Remove a Root Certificate from Microsoft Windows 7
The process of removing a root certificate on Microsoft Windows 7 is almost the same as on Microsoft Windows 10/8, with a few small differences.
- Type MMC in the Run box to open Microsoft Management Console.
- Open the File menu and select Add/Remove Snap-in.
- In the console tree, click the Certificates folder that contains the root certificate you want to delete.
- Choose the certificate you want to distrust and delete.
- Open the Action menu and click Delete.
- Finally, click Yes and restart the computer.
Remove a Root Certificate on Apple
You need administrator rights to the trust store to delete a root certificate from an Apple machine.
- In the Finder, click Go and select Utilities (shortcut: Shift + Command + U).
- Double-click Keychain Access to open it, then choose System Roots.
- Find the root certificate you want to delete and double-click it.
- Under Trust, click When using this certificate and select Never Trust from the pop-up.
Remove a Root Certificate on Mozilla Firefox
Mozilla Firefox, one of the popular browsers, has its own proprietary trust store, maintained by the Mozilla organization. Follow these steps to remove a root certificate in Mozilla Firefox:
- In the latest installed Mozilla Firefox version, 71.0, open the menu and go to Options.
- Choose Privacy and Security.
- Scroll down on the right side and select View Certificates.
- The Certificate Manager opens; select the Authorities tab.
- Select the root certificate on the Authorities tab, click Delete or Distrust, and then click OK.
Remove a Root Certificate from an iPad and iPhone
Like desktop computers, mobile devices have become a very important part of every person's life, and security standards have risen accordingly. A root certificate can be removed from an iPad or iPhone with the following steps:
- On the Home Screen, go to Settings and select General.
- Choose Profile.
- Select the profile you want to delete.
- Tap Delete Profile.
- Enter the passcode.
- Tap Delete to confirm.
Remove a Root Certificate from an Android Device
Just like Mozilla Firefox, Android also has its own trust store. Follow these steps to remove a root certificate from an Android device:
- Open Settings and choose Security.
- Select Trusted Credentials.
- Choose the certificate you want to remove.
- Finally, tap Disable.