Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Disable Certificate Transparency enforcement for specific URLs
Supported versions
- On Windows and macOS since 77 or later
Description
Disables enforcing Certificate Transparency requirements for the listed URLs.
This policy lets you not disclose certificates for the hostnames in the specified URLs via Certificate Transparency. This lets you use certificates that would otherwise be untrusted, because they weren't properly publicly disclosed, but it makes it harder to detect mis-issued certificates for those hosts.
Form your URL pattern according to https://go.microsoft.com/fwlink/?linkid=2095322. Because certificates are valid for a given hostname, independent of the scheme, port, or path, only the hostname part of the URL is considered. Wildcard hosts are not supported.
If you don't configure this policy, any certificate that should be disclosed via Certificate Transparency is treated as untrusted if it's not disclosed.
This policy does not work as expected with file://* wildcards.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- List of strings
Windows information and settings
Group Policy (ADMX) info
- GP unique name: CertificateTransparencyEnforcementDisabledForUrls
- GP name: Disable Certificate Transparency enforcement for specific URLs
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
contoso.com
.contoso.com
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForUrls
- Path (Recommended): N/A
- Value name: 1, 2, 3, ...
- Value type: List of REG_SZ
Example registry value
SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForUrls\1 =
contoso.com
SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForUrls\2 =
.contoso.com
Mac information and settings
- Preference Key name: CertificateTransparencyEnforcementDisabledForUrls
- Example value:
<array>
<string>contoso.com</string>
<string>.contoso.com</string>
</array>