Certificate pinning configuration

Configures EMET certificate pinning. Click the "Pinned Sites" and "Pinning Rules" buttons to configure sites and rules.

Pinned Sites:
In each row, specify a site to pin in the left column, and the name of a pinning rule in the right column, with an optional + in front of it.
Place a minus sign in front of the rule name to make the rule inactive for that site.
Example:
www.microsoft.com +VerisignRootRule1
tailspintoys.com -AnyVerisignRootRule

Pinning Rules:
In each row, provide the name of a pinning rule in the left column, and rule specifications in the right column, separated by semicolons.
Rule specifications can include:
* One or more certificate thumbprints, separated by semicolons. (Certificate "thumbprints" are also sometimes called "fingerprints.")
* The words BLOCK or WARN, indicating whether the rule should block access to the site on cert validation failure or just display a warning.
* The word "expiration:" followed by the date when the rule should stop being enforced, in yyyy-mm-dd format.
Example:
VerisignRootRule1 BLOCK; expiration:2017-08-31; 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
AnyVerisignRootRule WARN; expiration:9999-12-31; 742C3192E607E424EB4549542BE1BBC53E6174E2,4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
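
Added example (not part of the policy text or of EMET): a Python check that lints the two tables before they are deployed, flagging malformed rule specifications, expired rules, and sites that point at an undefined or inactive rule. It assumes each row is written as in the examples above (first column, a space, second column) and accepts thumbprints separated by commas or semicolons, since the text and the examples differ; the function names are hypothetical.

```python
import re
from datetime import date

THUMBPRINT = re.compile(r"^[0-9A-Fa-f]{40}$")  # SHA-1 thumbprint: 40 hex digits

def parse_rule(row):
    """Parse one Pinning Rules row: '<name> <spec>; <spec>; ...'."""
    name, _, specs = row.strip().partition(" ")
    rule = {"name": name, "action": None, "expires": None, "thumbprints": [], "errors": []}
    # Split on both separators (assumption: either may appear between thumbprints).
    for token in filter(None, (t.strip() for t in re.split(r"[;,]", specs))):
        if token.upper() in ("BLOCK", "WARN"):
            rule["action"] = token.upper()
        elif token.lower().startswith("expiration:"):
            try:
                rule["expires"] = date.fromisoformat(token.split(":", 1)[1].strip())
            except ValueError:
                rule["errors"].append(f"bad expiration date: {token}")
        elif THUMBPRINT.match(token):
            rule["thumbprints"].append(token.upper())
        else:
            rule["errors"].append(f"unrecognized specification: {token}")
    if not rule["thumbprints"]:
        rule["errors"].append("no certificate thumbprint")
    return rule

def lint(site_rows, rule_rows, today):
    """Return a list of problems found across the two policy tables."""
    rules = {r["name"]: r for r in map(parse_rule, rule_rows)}
    problems = [f"rule {n}: {e}" for n, r in rules.items() for e in r["errors"]]
    for n, r in rules.items():
        # Assumption: the rule is still in force on the expiration date itself.
        if r["expires"] and r["expires"] < today:
            problems.append(f"rule {n}: expired {r['expires']}, no longer enforced")
    for row in site_rows:
        site, _, ref = row.strip().partition(" ")
        rule_name = ref.strip().lstrip("+-")
        if rule_name not in rules:
            problems.append(f"site {site}: references undefined rule {rule_name}")
        elif ref.strip().startswith("-"):
            problems.append(f"site {site}: rule {rule_name} is inactive for this site")
    return problems

# Rows copied from the examples on this page.
SITES = ["www.microsoft.com +VerisignRootRule1", "tailspintoys.com -AnyVerisignRootRule"]
RULES = [
    "VerisignRootRule1 BLOCK; expiration:2017-08-31; 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5",
    "AnyVerisignRootRule WARN; expiration:9999-12-31; "
    "742C3192E607E424EB4549542BE1BBC53E6174E2,4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5",
]
```

Calling lint(SITES, RULES, date.today()) on the page's own example rows reports the rule whose expiration date has passed and the site whose rule is marked inactive.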

Supported on: Windows 10

Pinned Sites -- enter URLs and rule names:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\EMET\CertPinning\Sites
Value Name: {number}
Value Type: REG_SZ
Default Value:

In each row, specify a site to pin in the left column, and the name of a pinning rule in the right column.

Pinning Rules -- enter rule names and certificate thumbprints:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\EMET\CertPinning\Rules
Value Name: {number}
Value Type: REG_SZ
Default Value:

In each row, provide the name of a pinning rule in the left column, and one or more certificate thumbprints in the right column, separated by commas. (Certificate "thumbprints" are also sometimes called "fingerprints.")


emet.admx