How to Remove a Root Certificate
1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 4.00 out of 5)
Loading...

How to Remove a Root Certificate

Instructions for removing roots for Apple, Microsoft, and Mozilla.

Need to know how to remove a root certificate? You’re in the right place.

Digital Certificates, but for our explicit purposes, SSL Certificates, all have to be chained back to a trusted root certificate. This is called certificate chaining and it’s the way trust is established.

When you’re on the internet your browser has been taught to be skeptical—it doesn’t just grant trust freely to whatever website it stumbles across. When your browser arrives at a website that presents a digital certificate, it checks to make sure that the certificate chains back to a trusted root. This is why you may sometimes be asked to install intermediate certificates along with your SSL—you’re helping to complete the certificate chain.

To aid in this chaining process on the browser side, each of the major browsers has a trusted root store that contains a set of pre-downloaded X.509 certificates (that’s a fancy way of saying Digital Certificates). These roots are all highly-guarded, owned by Certificate Authorities that store their private keys offline on private hardware tokens in highly-secured data centers. There are four major root stores, Apple and Microsoft each have one as OSs. Mozilla maintains its own root store. And there’s also an Android root store as well. It’s also worth noting that Google Chrome, America’s most popular browser, uses the root store provided by whatever OS you’re using.

The browsers may not trust any random digital certificate, but they trust the roots in their trust store and as long as your certificate chains back to one of those, the browsers will afford it trust, too.

But what happens when something goes wrong with one of those roots? What happens when you need to distrust one? While the browsers will work to remove the root from the list in their next update, you may need to remove the root now. So how do you do it?

Here are step-by-step instructions on how to remove a root certificate from Windows, Apple, Mozilla and then one iPhone and Android phone, too.

how to remove a root certificate

How to Remove a Root Certificate from Windows 10/8

Removing a Root Certificate from the Windows trust store is fairly straightforward, but before we go any further I want to add a quick disclaimer. Be careful. Messing with your root certificates can cause serious issues.  We recommend that you back up your computer before proceeding with any of the following steps. We will not be held liable for any issues that arise from following these instructions.

Ok, now that we’re done with that, let’s get started.

  1. Press the Windows or Start button, then type “MMC” into the run box. This will launch Microsoft Management Console.
  2. Select File, then Add/Remove Snap-In
  3. Select “Certificates” from the field on the left, then click Add.
  4. On the next window, choose “Computer Account,” then select “Local Computer,” click OK.
  5. In MMC, select the arrow beside “Certificates (Local Computer),” this will reveal the certificate stores.
  6. Select the arrow beside the Root Certificate you would like to remove/disable, the click the “Certificates” folder.
  7. Find the certificate you’re trying to delete in the list, right-click it and choose “Properties.”
  8. Select “Disable all purposes for this certificate,” click Apply.
  9. Now, just restart your machine.

How to Remove a Root Certificate from Windows

We got asked how to remove a root certificate on Windows 7 recently, so we’ve updated this article with instructions on removing roots on the Windows 7 OS.

  1. Press the Windows or Start button, then type “MMC” into the run box. This will launch Microsoft Management Console
  2. Select File, then Add/Remove Snap-In
  3. Click the Certificates heading in the console tree that contains the root certificate to you want to delete.
  4. Select the certificate that you want to delete.
  5. In the Action menu, click Delete.
  6. Click Yes.
how to remove a root certificate

How to Remove a Root Certificate on Apple

When deleting a root certificate on an Apple machine, much like with Windows, you will need to have administrator access in order to access your trust store. Once again, you can mess up your machine this way if you’re not careful—so be careful.

  1. With the Finder selected, click Go and select Utilities (alternatively, press Shift + Command + U)
  2. Double-click on KeyChain Access, select System Roots.
  3. Find the root certificate you want to delete and double-click on it.
  4. In the window that pops up, under “Trust,” select “When using this certificate” and choose “never trust.”

how to remove a root certificate

How to Remove a Root Certificate on Mozilla

Unlike Google Chrome, Mozilla’s Firefox browser uses its own proprietary trust store that is maintained by individuals at the Mozilla organization. In order to remove a root, you’ll have to access the trust store through your browser.

  1. Click on the Firefox menu and then select Options.
  2. Select Advanced and then click on the “Certificates” tag.
  3. Click View Certificates.
  4. Select the “Authorities” tab, find the Root Certificate you would like to delete, then click the “Delete or Distrust” button.
  5. In the following box, make sure the correct Root Certificate is selected and then click OK.

how to remove a root certificate

How to Remove a Root Certificate from an iPhone or iPad

Mobile devices have overtaken desktop computers as the primary way that most people surf the internet. This means that your phone now has the task of chaining certificates and verifying trust. As such, you may be forced to occasionally manage Root Certificates on your mobile device. Here’s how to do it on an iPhone (iPads, too).

  1. Open your Settings on the Home screen, select General.
  2. Select Profile (if you don’t see any profiles, there’s nothing to delete).
  3. Choose the Profile you want to delete.
  4. Select Delete Profile.
  5. Enter your pass code (if prompted).
  6. Select Delete one more time to confirm.

Related: How to trust manually installed roots in macOS High Sierra

how to remove a root certificate

How to Remove a Root Certificate from an Android Device

Finally, Android. Android phones have their very own trust store, which needs to be managed just like any other. Here’s how to do it.

  1. Open your Settings, select Security.
  2. Choose Trusted Credentials.
  3. Select the certificate you’d like to remove.
  4. Press Disable.

Boom! We saved the easiest for last.

I hope this helps you, as always if you have any questions leave them in the comments section and I’ll be happy to answer them for you.

7 comments
  • Thank you so much. I was so annoyed by the notification of my network being monitored by a survey app that wasn’t even monitoring me anymore. Also learned very useful things

  • i have a android and i disabled the trusted credentials an estimated 106 and when i want to us internet browser or apps like social media or youtube too there is a message that its offline when online also on th internet the message says i can not use it because phishing or spam and scams its untrustworthy

  • I think I’ve messed up. I deleted the System Root Certificate Authority because my Firefox kept telling me it cannot work because of it. Maybe there was a virus involved in that because nothing would work anymore.
    But after deleting the root certificate authority no internet browser functions anymore; I guess it’s needed to trust the data flow. What should I do?!!? How can I get it back?
    I’m thankful for all help!!

    • It really depends on whether you have Firefox configured to use its own root store or your operating system’s root store. If you’re using Firefox’s, you should be able to just uninstall and reinstall Firefox and it will be fine. Just make sure you get rid of the settings you’ve saved so nothing holds over.

Leave a Reply

Your email address will not be published. We will only use your email address to respond to your comment and/or notify you of responses. Required fields are marked *

Captcha *

Author

Patrick Nohe

Hashed Out's Editor-in-Chief started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. He also designs the visuals for Hashed Out and serves as the Content Manager for The SSL Store™.