Hi Gina Lambert,
I’m following up to check whether the issue has been resolved. Feel free to reply if you need further information. If the information provided was helpful, please click "Accept Answer" to help others in the community. Thank you!
Block certificate install request without blocking the existing connection
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 4%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGL%3C/text%3E%3C/svg%3E)
Gina Lambert
0
Reputation points
I have a user who uses a Gemalto Card Reader they plug in daily, each time they plug it in they receive a pop up request to install a root certificate. Every time they do click 'no' and they are able to use the externally connected device without issue, so the cert isn't needed for the use of it.
We have rebuilt the device twice to see if this resolves the issue, as they're the only user reporting this issue, so we initially suspected additional software being installed but that isn't the case.
Is there a way to block these pop ups without blocking the connection of the card reader?
Windows for business | Windows 365 Enterprise
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 86%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
Jason Nguyen Tran 14,820 Reputation points Independent Advisor2026-04-12T15:35:10.4866667+00:00 -
Jason Nguyen Tran 14,820 Reputation points Independent Advisor
2026-04-10T10:15:08.83+00:00 Hi Gina Lambert,
What’s happening here is that Windows is detecting a root certificate request from the device or its middleware, but since the certificate isn’t required for normal operation, the user can safely decline it. Unfortunately, the system keeps prompting because it treats the request as new each time.
The most effective way to suppress these prompts without blocking the card reader is to adjust Group Policy or local security settings. Specifically, you can disable automatic root certificate updates or configure certificate path validation so that Windows doesn’t prompt the user to install untrusted root certificates. Another option is to use the Trusted Root Certification Authorities store and explicitly block or remove the certificate request so Windows no longer asks about it.
It’s also worth checking whether the Gemalto driver package is fully up to date. Sometimes older middleware versions trigger unnecessary certificate prompts, and updating to the latest driver resolves the issue. If the card reader works fine without the certificate, you don’t need to install it, just suppress the prompt through policy or by managing the certificate store.
In short, the fix is to control certificate prompts via Group Policy or certificate store management, while leaving the card reader connection untouched. This way, the user won’t see the pop‑up anymore, and the device will continue to function normally.
I hope the response provided some helpful insight. If it addressed your issue, please consider marking it as Accept Answer so others facing the same problem can easily find the solution. If you need any further assistance, feel free to leave a comment.
Jason.