Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated)

Information

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

When this setting is enabled Microsoft Edge allows connections secured by SHA-1 signed certificates so long as the the certificate chains to a locally-installed root certificate and is otherwise valid.

Note that this policy depends on the operating system (OS) certificate verification stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates this policy might no longer have effect. Further this policy is intended as a temporary workaround to give enterprises more time to move away from SHA-1. This policy will be removed in Microsoft Edge 92 releasing in mid 2021.If you don't set this policy or set it to false or the SHA-1 certificate chains to a publicly trusted certificate root then Microsoft Edge won't allow certificates signed by SHA-1.This policy is only available on Windows instances that are joined to a Microsoft Active Directory domain or Windows 10 Pro or Enterprise instances enrolled for device management.

Solution

Policy Path: Microsoft Edge
Policy Setting Name: Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated)

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-87/ba-p/1950297

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(3)

Plugin: Windows

Control ID: f518a464d5c904871f595983c52920fd9c902b317182f3d6a7ec1eb484241025