Policy

Set TLS/SSL security policy for IPP printers

Microsoft Windows

Back to PrintersBack to main
Set TLS/SSL security policy for IPP printers
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Printers
Supported on
At least Windows 11 Version 24H2

Supported OS tags: Windows11

Determines the TLS/SSL security policy (WINHTTP_OPTION_SECURITY_FLAGS) for printers using the Microsoft IPP Class Driver. By default, security policy is set to ignore all certificate errors, allowing use of self-signed certificates for printers. If you enable this setting the system defaults to enabling all certificate checking, disallowing certificate errors. Specific certificate checking can be set with the given checkboxes. If you disable this setting or do not configure it, the default is to ignore all certificate errors (all checkboxes unchecked).

Internal name
ConfigureIppTlsCertificatePolicy
Policy ID
f82c6e32bcd0
Elements
4

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Disallow invalid certificate authority
ID SecurityFlagsBlockUnknownCA
boolean
Path
Software\Policies\Microsoft\Windows NT\Printers\IPP
Value name
SecurityFlagsBlockUnknownCA
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Computer
Disallow non-server certificates
ID SecurityFlagsBlockCertWrongUsage
boolean
Path
Software\Policies\Microsoft\Windows NT\Printers\IPP
Value name
SecurityFlagsBlockCertWrongUsage
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Computer
Disallow invalid certificate common name
ID SecurityFlagsBlockCertCNInvalid
boolean
Path
Software\Policies\Microsoft\Windows NT\Printers\IPP
Value name
SecurityFlagsBlockCertCNInvalid
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Computer
Disallow invalid certificate date
ID SecurityFlagsBlockCertDateInvalid
boolean
Path
Software\Policies\Microsoft\Windows NT\Printers\IPP
Value name
SecurityFlagsBlockCertDateInvalid
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Disallow invalid certificate authority
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\Windows NT\Printers\IPP
Value name
SecurityFlagsBlockUnknownCA
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Disallow non-server certificates
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\Windows NT\Printers\IPP
Value name
SecurityFlagsBlockCertWrongUsage
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Disallow invalid certificate common name
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\Windows NT\Printers\IPP
Value name
SecurityFlagsBlockCertCNInvalid
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Disallow invalid certificate date
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\Windows NT\Printers\IPP
Value name
SecurityFlagsBlockCertDateInvalid
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0