Monday, 7 September 2015

Disable trusted root cert on Windows without reboot

Source: serverfault.com --- Sunday, September 06, 2015
First a bit of background, in case I'm trying to solve the root problem in the wrong way: I have an SSL cert from WoSign, and http://ift.tt/1oi9nd3 shows that the full chain is not being sent by IIS. This causes a problem on Apple devices, because WoSign is not a trusted root yet. Someone previously assisted with this problem by indicating WoSign's trusted root needs to be disabled on my server. Doing this, and rebooting to make the change take effect, seems to have done the trick. This leads me to this question: Is it possible to disable the cert without rebooting? Is there a command I can run, or a service I can restart, to make the change take effect? I'm concerned that future root cert updates from WU may re-enable the cert I've disabled, and I'd like to be ready with a reboot-less option just in case. I understand disabling root cert updates is another option, but I'd rather go with a rebootless-disable instead if possible. ...



from Windows http://ift.tt/1O7dSCf

No comments:

Post a Comment