Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Determines whether the built-in certificate verifier will enforce constraints encoded into trust anchors loaded from the platform trust store (obsolete)
OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge version 127.
Supported versions
- On Windows and macOS since 113, until 127
Description
X.509 certificates may encode constraints, such as Name Constraints, in extensions in the certificate. RFC 5280 specifies that enforcing such constraints on trust anchor certificates is optional.
Starting in Microsoft Edge 112, such constraints in certificates loaded from the platform certificate store will now be enforced.
This policy exists as a temporary opt-out in case an enterprise encounters issues with the constraints encoded in their private roots. In that case this policy may be used to temporarily disable enforcement of the constraints while correcting the certificate issues.
If you enable this policy or don't configure it, Microsoft Edge will enforce constraints encoded into trust anchors loaded from the platform trust store.
If you disable this policy, Microsoft Edge will not enforce constraints encoded into trust anchors loaded from the platform trust store.
This policy has no effect if the MicrosoftRootStoreEnabled policy is disabled.
This policy was removed in Microsoft Edge version 128. Starting with that version, constraints in trust anchors are always enforced.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Boolean
Windows information and settings
Group Policy (ADMX) info
- GP unique name: EnforceLocalAnchorConstraintsEnabled
- GP name: Determines whether the built-in certificate verifier will enforce constraints encoded into trust anchors loaded from the platform trust store (obsolete)
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Disabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: EnforceLocalAnchorConstraintsEnabled
- Value type: REG_DWORD
Example registry value
0x00000000
Mac information and settings
- Preference Key name: EnforceLocalAnchorConstraintsEnabled
- Example value:
<false/>