{"id":9530,"date":"2026-01-07T19:25:48","date_gmt":"2026-01-07T19:25:48","guid":{"rendered":"https:\/\/www.ssls.com\/knowledgebase\/?p=9530"},"modified":"2026-01-07T19:25:49","modified_gmt":"2026-01-07T19:25:49","slug":"how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/","title":{"rendered":"How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers"},"content":{"rendered":"\n<p>Sometimes, after importing a PKCS#7 certificate with the full chain, Windows server users may receive an &#8220;untrusted connection&#8221; error when trying to visit their sites. It happens most frequently with Sectigo certificates on mobile devices. You can find out why this happens and how to prevent it below.<\/p>\n\n\n\n<p>The newest Sectigo SSL\/TLS certificates with roots named R46 and E46 may include two possible certificate chains:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A \u201cshort chain\u201d ending in the new self-signed root (R46\/E46)<\/li>\n\n\n\n<li>A \u201ccross-signed chain\u201d ending an older, trusted root, such as USERTrust RSA Certification Authority)<\/li>\n<\/ul>\n\n\n\n<p>When there are multiple valid chains, Windows servers (particularly those with Microsoft Internet Information Services, IIS) typically select the shorter chain. However, many older clients, devices, embedded systems, and browsers may not trust the shorter chain. This can cause compatibility issues.<\/p>\n\n\n\n<p>To make sure your certificate works on modern and legacy clients, it\u2019s recommended to avoid using the self-signed root and force the server to choose the cross-signed chain. You can do this by flagging self-signed Sectigo roots as disallowed on Windows.<\/p>\n\n\n\n<p>You can do this with the .reg file provided by Sectigo. This file moves the self-signed R46\/E46 roots into the Windows certificate registry\u2019s Disallowed store. Windows\/IIS will be prevented from ending the chain at those roots, and will have to choose the cross-signed chain instead.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to use the .reg file<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.sectigo.com\/knowledge-base\/detail\/Microsoft-IIS-Certificates-not-trusted-widely\/kA0Uj00000051hp\">Download \u201cIISFix-MoveSectigoSelfSignedRoots-Disallowed.reg\u201d<\/a><\/li>\n\n\n\n<li>Run it on your Windows Server with administrator privileges<\/li>\n<\/ul>\n\n\n\n<p>The registry import will add entries under HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\\u2026 This aligns with Sectigo\u2019s R46 &amp; E46 roots thumbprints and flags them as disallowed.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"992\" height=\"735\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png\" alt=\"\" class=\"wp-image-9531\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png 992w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1-300x222.png 300w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1-768x569.png 768w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1-150x111.png 150w\" sizes=\"auto, (max-width: 992px) 100vw, 992px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>To ensure Windows reloads its certificate trust\/chain logic, restart or reload the whole server (not just IIS).<\/li>\n<\/ul>\n\n\n\n<p>If you want to revert this change, you can use Sectigo\u2019s \u201cIISFix-MoveSectigoSelfSignedRoots-Restore.reg\u201d .reg file.<\/p>\n\n\n\n<p><strong>Optional:<\/strong><\/p>\n\n\n\n<p>If the file you download isn\u2019t a .reg file but a .txt extension and UTF-8 encoding, you\u2019ll need to do the following:<\/p>\n\n\n\n<p><strong>Option 1:<\/strong><\/p>\n\n\n\n<p>Remove the .txt extension at the end of the file name and replace it with .reg (for example: IISFix-MoveSectigoSelfSignedRoots-Disallowed.reg.txt &gt; IISFix-MoveSectigoSelfSignedRoots-Disallowed.reg)<\/p>\n\n\n\n<p><strong>Option 2:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a simple text editor to open the file:<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"546\" data-id=\"9532\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_2-1024x546.png\" alt=\"\" class=\"wp-image-9532\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_2-1024x546.png 1024w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_2-300x160.png 300w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_2-768x409.png 768w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_2-1536x818.png 1536w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_2-150x80.png 150w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_2.png 1901w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Select \u201cSave as\u201d to save the file and choose the following options:\n<ul class=\"wp-block-list\">\n<li>Save as type: All files<\/li>\n\n\n\n<li>Encoding: ANSI<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Sometimes you might need to change the file name somewhat, for instance, by deleting and retyping a number or letter.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sometimes, after importing a PKCS#7 certificate with the full chain, Windows server users may receive an &#8220;untrusted connection&#8221; error when trying to visit their sites. It happens most frequently with Sectigo certificates on mobile devices. You can find out why this happens and how to prevent it below. The newest Sectigo SSL\/TLS certificates with roots ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,5,12],"tags":[],"class_list":["post-9530","post","type-post","status-publish","format-standard","hentry","category-general-questions","category-ssl-installation-instructions","category-troubleshooting-errors"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers \u2013 HelpDesk | SSLs.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers \u2013 HelpDesk | SSLs.com\" \/>\n<meta property=\"og:description\" content=\"Sometimes, after importing a PKCS#7 certificate with the full chain, Windows server users may receive an &#8220;untrusted connection&#8221; error when trying to visit their sites. It happens most frequently with Sectigo certificates on mobile devices. You can find out why this happens and how to prevent it below. The newest Sectigo SSL\/TLS certificates with roots ..Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"SSL Certificate Knowledgebase | SSLs.com\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SSLsCom\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-07T19:25:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-07T19:25:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png\" \/>\n<meta name=\"author\" content=\"sslbizdev\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@SSLscom\" \/>\n<meta name=\"twitter:site\" content=\"@SSLscom\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"sslbizdev\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/\"},\"author\":{\"name\":\"sslbizdev\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/person\/7e29a188929740c7a59d9a1c15c18806\"},\"headline\":\"How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers\",\"datePublished\":\"2026-01-07T19:25:48+00:00\",\"dateModified\":\"2026-01-07T19:25:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/\"},\"wordCount\":420,\"publisher\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png\",\"articleSection\":[\"General Questions\",\"SSL Installation instructions\",\"Troubleshooting errors\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/\",\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/\",\"name\":\"How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers \u2013 HelpDesk | SSLs.com\",\"isPartOf\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png\",\"datePublished\":\"2026-01-07T19:25:48+00:00\",\"dateModified\":\"2026-01-07T19:25:49+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#primaryimage\",\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png\",\"contentUrl\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ssls.com\/knowledgebase\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#website\",\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/\",\"name\":\"SSL Certificate Knowledgebase | SSLs.com\",\"description\":\"SSL Knowledgebase | SSLs.com\",\"publisher\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ssls.com\/knowledgebase\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#organization\",\"name\":\"SSLs.com\",\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/8WCg7Uph_400x400-1.png\",\"contentUrl\":\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/8WCg7Uph_400x400-1.png\",\"width\":400,\"height\":400,\"caption\":\"SSLs.com\"},\"image\":{\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SSLsCom\",\"https:\/\/x.com\/SSLscom\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/person\/7e29a188929740c7a59d9a1c15c18806\",\"name\":\"sslbizdev\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g\",\"caption\":\"sslbizdev\"},\"url\":\"https:\/\/www.ssls.com\/knowledgebase\/author\/sslbizdev\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers \u2013 HelpDesk | SSLs.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/","og_locale":"en_US","og_type":"article","og_title":"How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers \u2013 HelpDesk | SSLs.com","og_description":"Sometimes, after importing a PKCS#7 certificate with the full chain, Windows server users may receive an &#8220;untrusted connection&#8221; error when trying to visit their sites. It happens most frequently with Sectigo certificates on mobile devices. You can find out why this happens and how to prevent it below. The newest Sectigo SSL\/TLS certificates with roots ..Read more","og_url":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/","og_site_name":"SSL Certificate Knowledgebase | SSLs.com","article_publisher":"https:\/\/www.facebook.com\/SSLsCom","article_published_time":"2026-01-07T19:25:48+00:00","article_modified_time":"2026-01-07T19:25:49+00:00","og_image":[{"url":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png","type":"","width":"","height":""}],"author":"sslbizdev","twitter_card":"summary_large_image","twitter_creator":"@SSLscom","twitter_site":"@SSLscom","twitter_misc":{"Written by":"sslbizdev","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#article","isPartOf":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/"},"author":{"name":"sslbizdev","@id":"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/person\/7e29a188929740c7a59d9a1c15c18806"},"headline":"How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers","datePublished":"2026-01-07T19:25:48+00:00","dateModified":"2026-01-07T19:25:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/"},"wordCount":420,"publisher":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/#organization"},"image":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png","articleSection":["General Questions","SSL Installation instructions","Troubleshooting errors"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/","url":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/","name":"How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers \u2013 HelpDesk | SSLs.com","isPartOf":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png","datePublished":"2026-01-07T19:25:48+00:00","dateModified":"2026-01-07T19:25:49+00:00","breadcrumb":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#primaryimage","url":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png","contentUrl":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2026\/01\/reg_1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.ssls.com\/knowledgebase\/how-to-use-the-sectigo-reg-file-to-move-self-signed-roots-to-disallowed-on-iis-windows-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ssls.com\/knowledgebase\/"},{"@type":"ListItem","position":2,"name":"How to use the Sectigo .reg file to move self-signed roots to Disallowed on IIS\/Windows servers"}]},{"@type":"WebSite","@id":"https:\/\/www.ssls.com\/knowledgebase\/#website","url":"https:\/\/www.ssls.com\/knowledgebase\/","name":"SSL Certificate Knowledgebase | SSLs.com","description":"SSL Knowledgebase | SSLs.com","publisher":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ssls.com\/knowledgebase\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.ssls.com\/knowledgebase\/#organization","name":"SSLs.com","url":"https:\/\/www.ssls.com\/knowledgebase\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/logo\/image\/","url":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/8WCg7Uph_400x400-1.png","contentUrl":"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2019\/07\/8WCg7Uph_400x400-1.png","width":400,"height":400,"caption":"SSLs.com"},"image":{"@id":"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SSLsCom","https:\/\/x.com\/SSLscom"]},{"@type":"Person","@id":"https:\/\/www.ssls.com\/knowledgebase\/#\/schema\/person\/7e29a188929740c7a59d9a1c15c18806","name":"sslbizdev","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b43c2e48b8cf4c353e91aa8232dac0c56e490f3f1eff58a7652c7d9a866e3f66?s=96&d=mm&r=g","caption":"sslbizdev"},"url":"https:\/\/www.ssls.com\/knowledgebase\/author\/sslbizdev\/"}]}},"publishpress_future_action":{"enabled":false,"date":"2026-06-02 15:57:54","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/posts\/9530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/comments?post=9530"}],"version-history":[{"count":1,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/posts\/9530\/revisions"}],"predecessor-version":[{"id":9533,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/posts\/9530\/revisions\/9533"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/media?parent=9530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/categories?post=9530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/knowledgebase\/wp-json\/wp\/v2\/tags?post=9530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}