Sometimes when working with an untrusted third party root certificate Windows will automatically delete it. If Windows finds a discrepancy with an intermediate certificate on the server it will check it against their own list of approved SSL’s. If it does not match windows will remove it and log the following in the application log:

Event ID: 4108
Successful auto delete of third-party root certificate

To disable this feature and keep your root certificate installed you can do the following:
1. Click Start -> Run -> “gpedit.msc” -> OK
2. Double click Administrative Templates -> System -> Internet Communication Management -> click Internet Communication settings

3. Double click “Turn off Automatic Root Certificates Update” -> click Disabled -> OK

One Response to “Disable Windows Automatic Root Certificates Updates”

  • Christopher says:

    Please note that the setting should be Enabled, not Disabled as stated above. This is explained very clearly in the setting’s description as well.

    Thanks for this article. 🙂

Leave a Reply