What is Root Certificate: How to Remove it from OS, Browsers & Mobiles?

Here’s How to Remove Root Certificates From Apple, Android, Microsoft, Mozilla

Looking for instructions to remove a root certificate? You’re reading the right article. Here, we will guide you through how to remove one. But before we jump into it, let’s first understand what a root certificate is.

What Is a Root Certificate?

Digital certificates, also called SSL/TLS certificates, are chained back to a trusted root certificate. This is known as certificate chaining, and it is used for establishing trust.

For the user’s safety, browsers are built to stay skeptical. A browser doesn’t trust a website freely, no matter which website you’re trying to access. Whenever you visit a website, the browser first verifies that a digital certificate is installed and that it’s chained to a trusted root. That’s one of the reasons website owners are asked to install intermediate certificates along with the SSL certificate: they help complete the certificate chain.

To put it another way, a root certificate is a special type of X.509 digital certificate issued by trusted certificate authorities (CAs) like Sectigo, DigiCert, and Comodo to issue other certificates. These certificates also have a much longer validity period than end-user or leaf SSL/TLS certificates, which come with one- and two-year validity periods.

Here’s Why You Should Remove a Root Certificate

Root certificates are the foundation for achieving authentication and security. They’re issued by the certificate authority and help verify that a software or website owner is who they say they are. But if a cybercriminal gets hold of the private key belonging to a root certificate, it becomes dangerous: with that key, attackers can generate their own certificates and sign them. And if that root certificate is in the root certificate store, the system will trust every leaf certificate signed by that private key, which can lead to attacks such as MITM (Man-in-the-Middle) or malware installation. In such scenarios, it’s recommended to distrust the root certificate by removing it from the list.

How to Remove a Root Certificate?

If a root certificate is compromised or has some other problem, the operating system and browser vendors will remove it from their trusted root stores in their next update. Until then, you’re left with two options: wait for the next update, or remove it on your own.

Removing a root certificate from the trusted store is quite straightforward, but before moving further, a warning: be careful. Playing around with root certificates can lead to severe issues. So it’s recommended that you first make a proper backup of your computer before moving ahead, as we’ll not be held responsible if anything goes wrong.

Now let’s get started. In this article, we’ll share the steps for the significant root stores of operating systems and web browsers: the Microsoft, Apple, Mozilla Firefox, and Android root stores. It’s also worth noting that Google Chrome, the most popular browser around the globe, uses the root store of the OS used by your system.
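Before removing anything, it helps to confirm that the exact root named in the advisory is present, and afterwards that it is gone. The following is an added example, not part of the original article: it matches roots by SHA-256 fingerprint rather than by display name, using only the Python standard library. The function names are illustrative, and the fingerprint you pass in must come from the vendor’s advisory.

```python
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def normalize_fp(text):
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex; return lowercase hex."""
    fp = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", fp):
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return fp

def sha256_fp(der):
    """SHA-256 of the DER bytes, the fingerprint certificate viewers display."""
    return hashlib.sha256(der).hexdigest()

def certs_from_pem_bundle(bundle):
    """Split an exported PEM bundle into one DER blob per certificate."""
    return [ssl.PEM_cert_to_DER_cert(block) for block in PEM_BLOCK.findall(bundle)]

def system_roots():
    """CA certificates Python's default TLS context has loaded.

    Windows: the system ROOT/CA stores. Elsewhere: OpenSSL's default CA file
    (certificates in a CA directory only appear once used). Firefox's own
    store is never included.
    """
    return ssl.create_default_context().get_ca_certs(binary_form=True)

def find_distrusted(der_certs, distrusted):
    """Return the fingerprints from `distrusted` still present in the store."""
    wanted = {normalize_fp(fp) for fp in distrusted}
    present = {sha256_fp(der) for der in der_certs}
    return sorted(wanted & present)

if __name__ == "__main__":
    # Usage: python check_root.py <sha256-fingerprint> [...]
    hits = find_distrusted(system_roots(), sys.argv[1:])
    for fp in hits:
        print("STILL TRUSTED:", fp)
    sys.exit(1 if hits else 0)
```

Run it once before the removal and once after; an exit status of 0 means none of the listed fingerprints is in the store that Python sees.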

Here’s How to Remove a Root Certificate From Microsoft Windows 10/8

  • Click the Start or Windows button and type “MMC” in the run box. This launches the Microsoft Management Console.
  • Select the Add/Remove Snap-In option from the File menu.
  • In the left field, select Certificates and click “Add.”
  • In the next window, select “Computer Account,” then “Local Computer,” and click the OK button.
  • Select the arrow beside “Certificates (Local Computer)” to show the certificate stores.
  • Select the arrow beside the Root Certificate you’d like to remove or disable, and click the folder named “Certificates.”
  • Find the certificate you want to delete in the list, right-click it, and select “Properties.”
  • Choose the option “Disable all purposes for this certificate” and click the Apply button.
  • All steps are done; now restart your computer.

Here’s How to Remove a Root Certificate From Microsoft Windows 7

The process is almost the same as for Microsoft Windows 10/8 above, with a few differences:
  • Open the Microsoft Management Console by typing “MMC” in the run box.
  • Choose Add/Remove Snap-In from the File menu.
  • In the console tree, click the Certificates folder that contains the root certificate you’re looking to delete.
  • Select the certificate you’re going to distrust and delete.
  • Select the Action option from the menu and click Delete.
  • Finally, click Yes and restart your computer.

Here’s How to Remove a Root Certificate on Apple

To delete a root certificate from an Apple machine, you’ll need administrator rights to access your trust store. Be careful, as one mistake can lead to severe issues.
  • In the Finder, click Go and select the Utilities option (shortcut: Shift + Command + U).
  • Double-click Keychain Access to open it and select System Roots.
  • Search for the root certificate you’re looking to delete and double-click it.
  • In the window that pops up, under “Trust,” select “When using this certificate” and choose the option “Never Trust.”

Here’s How to Remove a Root Certificate on Mozilla Firefox

Mozilla Firefox has its own proprietary trust store, which is maintained independently by the Mozilla organization. To remove a root certificate, follow the steps below to access its trust store through the browser:
  • In your latest installed Mozilla Firefox (Ver. 71.0), open the Menu and go to “Options.”
  • Select Privacy & Security. On the right side, scroll down to the bottom and select “View Certificates.”
  • The Certificate Manager will open; in it, select the “Authorities” tab.
  • Under the Authorities tab, select the root certificate, click the “Delete or Distrust” button, and click the “OK” button if you’re sure.

Here’s How to Remove a Root Certificate From an iPad and iPhone

Mobile devices have become as essential as desktop computers, so it’s no surprise that their security standards have risen equally, and the task of chaining certificates and verifying trust is no different. Occasionally you might be forced to manage root certificates on your iPhone or iPad. Here are the steps:
  • From the Home Screen, go to Settings and select General.
  • Select the Profile option (if you don’t find any profile, there’s nothing to delete).
  • Select the profile you want to delete.
  • Select the Delete Profile option.
  • If prompted, enter your passcode.
  • To confirm, select the Delete option once again.

Here’s How to Remove a Root Certificate From an Android Device

Like Mozilla Firefox, Android has its own trust store, which it manages itself. Follow the steps below to remove a root certificate:
  • Open the Settings section and select Security.
  • Select Trusted Credentials.
  • Select the certificate you’re looking to remove.
  • Finally, press Disable.

Wrapping Up

To sum it up, root certificates are intended to improve security. So it should be clear that messing around with them without a specific reason is not a good choice, as it can lead to serious security issues and create problems in your browsing experience. Here we have covered all four major root stores: Microsoft, Apple, Mozilla, and Android.