ADMX Guide

Determines whether the built-in certificate verifier will enforce constraints encoded into trust anchors loaded from the platform trust store (obsolete)

Category

Computer Configuration > Administrative Templates > Microsoft Edge

Scope

Both

Registry Key

HKLM\Software\Policies\Microsoft\Edge

Description

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 127.

X.509 certificates may encode constraints, such as Name Constraints, in certificate extensions. RFC 5280 specifies that enforcing such constraints on trust anchor certificates is optional. Starting in Microsoft Edge 112, such constraints in certificates loaded from the platform certificate store are enforced.

This policy exists as a temporary opt-out in case an enterprise encounters issues with the constraints encoded in its private roots. In that case, this policy may be used to temporarily disable enforcement of the constraints while the certificate issues are corrected.

If you enable this policy or don't configure it, Microsoft Edge will enforce constraints encoded into trust anchors loaded from the platform trust store.

If you disable this policy, Microsoft Edge will not enforce constraints encoded into trust anchors loaded from the platform trust store.

This policy has no effect if the 'MicrosoftRootStoreEnabled' (Determines whether the Microsoft Root Store and built-in certificate verifier will be used to verify server certificates) policy is disabled.

This policy was removed in Microsoft Edge version 128. Starting with that version, constraints in trust anchors are always enforced.
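
Because enforcement can no longer be switched off, an administrator may want to list which roots in the Windows store carry constraint extensions before they cause validation failures. The following PowerShell is an added example, not part of the policy documentation; the store paths and every OID other than Name Constraints are assumptions about what to inventory.

```powershell
# Added example: list trust anchors in the Windows root stores that carry
# constraint extensions. Only Name Constraints is named on this page; the
# other OIDs and the two store paths are assumptions of this example.
$constraintOids = @{
    '2.5.29.30' = 'Name Constraints'     # named in the policy description
    '2.5.29.19' = 'Basic Constraints'    # assumption: reported only with a path length
    '2.5.29.36' = 'Policy Constraints'   # assumption
    '2.5.29.37' = 'Extended Key Usage'   # assumption
}
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$basicType = [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]

$findings = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store -ErrorAction SilentlyContinue) {
        foreach ($ext in $cert.Extensions) {
            if (-not $constraintOids.ContainsKey($ext.Oid.Value)) { continue }
            # Nearly every root has Basic Constraints; keep it only when it
            # actually limits the chain length.
            if ($ext -is $basicType -and -not $ext.HasPathLengthConstraint) { continue }
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Extension  = $constraintOids[$ext.Oid.Value]
                Critical   = $ext.Critical
                Decoded    = $ext.Format($false)   # single-line decoded form
            }
        }
    }
}

# Summary per extension type, then full detail for the Name Constraints hits.
$findings | Group-Object Extension | Select-Object Name, Count
$findings | Where-Object Extension -eq 'Name Constraints' | Format-List
```

Roots listed under Name Constraints are the ones to compare against the host names their issued certificates are actually used for.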