Microsoft KB Archive/247659

From BetaArchive Wiki

Article ID: 247659

Article Last Modified on 6/23/2005


  • Microsoft Internet Information Server 4.0

This article was previously published under Q247659

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:


This article explains how to remove one or more of the Trusted Certification Authorities that Microsoft Internet Information Server (IIS) uses to trust client or other types of certificates.


NOTE: This only applies to Windows NT 4.0 not Windows 2000.

For Re-Installed Certificate Authorities

See Knowledge Base article

216485 How to Limit the Number of Trusted Certificate Authorities

This article shows how to remove pre-installed authorities. These are Trusted Certificate Authorities (TCA's) that were installed with IIS or Microsoft Internet Explorer.

NOTE: In the article above replace step 4 "With the name selected, click Edit, and then click Delete once you have selected the name. Click on the sub-key Enabled and set to "0".

For Post-Install Certificate Authorities

(for third party authorities installed after IIS or Internet Explorer has been installed)

The certificate authorities will not be listed at the registry key mentioned in the above article. You must use Internet Explorer 5.0 to remove the trusted authority from the IIS certificate store.

Here are the steps (for Internet Explorer 5.0 only):

  1. Start Internet Explorer, select Tools and then select Internet Options.
  2. Select the Content tab.
  3. Click the Certificates button.
  4. Select the certificate you want to remove.
  5. Click Remove and then OK.

NOTE: The local certificate store is kept in a hidden part of the registry which is encrypted and cannot be viewed.

Keywords: kbhowto KB247659