Configures EMET certificate pinning. Click the "Pinned Sites" and "Pinning Rules" buttons to configure sites and rules.
Pinned Sites:
In each row, specify a site to pin in the left column, and the name of a pinning rule in the right column, with an optional + in front of it.
Place a minus sign in front of the rule name to make the rule inactive for that site.
Example:
www.microsoft.com +VerisignRootRule1
tailspintoys.com -AnyVerisignRootRule
Pinning Rules:
In each row, provide the name of a pinning rule in the left column, and rule specifications in the right column, separated by semicolons.
Rule specifications can include:
* One or more certificate thumbprints, separated by semicolons. (Certificate "thumbprints" are also sometimes called "fingerprints.")
* The words BLOCK or WARN, indicating whether the rule should block access to the site on cert validation failure or just display a warning.
* The word "expiration:" followed by the date when the rule should stop being enforced, in yyyy-mm-dd format.
Example:
VerisignRootRule1 BLOCK; expiration:2017-08-31; 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
AnyVerisignRootRule WARN; expiration:9999-12-31; 742C3192E607E424EB4549542BE1BBC53E6174E2,4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Configures EMET certificate pinning. Click the "Pinned Sites" and "Pinning Rules" buttons to configure sites and rules.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Microsoft\EMET\CertPinning\Sites |
Value Name | {number} |
Value Type | REG_SZ |
Default Value |
In each row, specify a site to pin in the left column, and the name of a pinning rule in the right column.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Microsoft\EMET\CertPinning\Rules |
Value Name | {number} |
Value Type | REG_SZ |
Default Value |
In each row, provide the name of a pinning rule in the left column, and one or more certificate thumbprints in the right column, separated by commas. (Certificate "thumbprints" are also sometimes called "fingerprints.")