Removing root certificates

Except for Linux systems, all other systems such as Apple, Microsoft and Mozilla work with root stores. These root stores are maintained via pushed updates, where as old root certificate will be deleted and new ones will be added.

Though it is possible that one of the root certificates need to be deleted. You could wait until the next update, where this root certificate is removed. You can also disable the root certificate yourself.

Instructions for Windows (Servers)

  1. From the search icon in the Taskbar, type MMC into the run box to launch the Microsoft Management Console (MMC).
  2. From the File menu, select Add/Remove Snap-In.
  3. Select the Certificates module from the area on the left, then click the Add button in the centre.
  4. On the following screen, choose Computer Account, followed by Local Computer, then click OK.
  5. In the MMC window, click beside Certificates (Local Computer) on the arrow icon, this will show the certificate store tree structure.
  6. Open the arrow icon next to Root Certificates, then click the underlying Certificates folder.
  7. Right-click on the certificate that you want to delete, and select Properties.
  8. Check 'Disable all purposes for this certificate', and click Apply.
  9. Restarting the computer is required.

Instructions for MacOS

  1. From the Finder, navigate to the Utilities directory, which can be found in the Application directory (or you can use the keys Shift + Command + U).
  2. Open the application KeyChain Access, and select the Keychain System Roots from the sidebar.
  3. Double-click the root certificate that you want to remove.
  4. From the details windows that opens, choose never trust as setting for When using this certificate under the trust settings.

Instructions for FireFox

  1. After opening FireFox, navigate to the Options from the top right hamburger menu.
  2. Select Privacy & Security and scroll down to Certificates.
  3. Click on the View Certificates button.
  4. Select the Authorities tab, and look for the Root Certificate that you would like to delete.
  5. Select the certificate and click the Delete or Distrust button.
  6. In the resulting dialogue, select the correct Root Certificate and then click OK.

Instructions for iOS

  1. Open the Settings application, and then select General.
  2. Select the Profile containing the Root Certificate that you would like to delete (Pre installed roots cannot be removed).
  3. Tap Delete Profile and enter your device password.
  4. Tap Delete again to confirm.

Instructions for Android

  1. Open the Settings application, and select the Security option.
  2. Navigate to the Trusted Credentials.
  3. Tap on the certificate that you would like to delete.
  4. Tap Disable.


Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up