Theoretically, you could apply the following method:

1. Delete all root CA certificates except the ones that are absolutely needed by Windows itself, as indicated here.
2. Install the current list of trusted root CAs from the current package.

Note that validation of this package requires that you still trust one of the "necessary" root CAs, which is why you must keep them in the first step.

To install the Entrust Trusted Root, complete the following steps:

1. Copy and paste the Entrust Trusted Root (including the BEGIN and END tags) into a text editor such as Notepad. Save the file with a .cer extension (for example, root.cer).
2. Using the keytool utility, enter the following:

The HTTPS-Only Standard - Certificates

Web browsers are generally set to trust a pre-selected list of certificate authorities (CAs), and the browser can verify that any signature it sees comes from a CA in that list. The list of trusted CAs is set either by the underlying operating system or by the browser itself.

Clients cannot make connections if you require client

Note: In Windows Server 2003, the list of certificate authorities cannot exceed 12,228 (0x3000) bytes. When you update root certificates, the list of trusted certificate authorities may increase significantly. Therefore, the list may become too long. In this case, Windows truncates the list. This behavior may cause problems with authorization.

TLS 1.2 Communication Problems with Excessive Root

If the Windows Trusted Root Certification Authorities container grows too large, then it can exceed the Schannel security package limit. Currently, the maximum size of the trusted certificate authorities list that the Schannel security package supports is 16 kilobytes (KB).

Dec 23, 2010

How to add a trusted CA certificate to Chrome and Firefox

Right-click Trusted Root Certification Authorities and choose Import. Click Next. Click Browse, then browse to and select the CA certificate you copied to this computer.

Understanding Server SSL Trusted Certificate Authorities

