Microsoft has announced it will be removing some root certificates from its Trusted Root Certificate Program, after some Certificate Authorities (CAs) decided to pull out or could not meet the company's newly upgraded requirements.
The Microsoft Trusted Root Certificate Program is a list of root certificates that are installed on all Windows devices. These certificates allow a Windows device to automatically trust an Internet connection or software application, without pestering the user with warnings or popups.
Legitimate software vendors and website owners, usually choose to deploy certificates issued by CAs that are part of the Microsoft Trusted Root Certificate Program, to be sure their products will be trusted on all Windows devices.
In June 2015, Microsoft decided to update its venerable Trusted Root Certificate Program and support more strict and technically superior requirements.
Stricter auditing forces some Certificate Authorities to pull out
"This past spring, we began engaging with Certificate Authorities (CA) to solicit feedback and talk about upcoming changes to our Trusted Root Certificate Program. Among other things, the changes included more stringent technical and auditing requirements," said Aaron Kornblum, Enterprise & Security Group Program Manager, Governance, Risk Management & Compliance at Microsoft. "Through this effort, we identified a few partners who will no longer participate in the program."
Now, as the year is coming to a close, Microsoft is finally making the list of trusted certificates available. This new list will come into effect starting January 2016.
Twenty root certificates have been removed from this list, which can be viewed in detail at the end of this article.
CA | Root Name | SHA1 Thumbprint |
Certigna | Certigna | B12E13634586A46F1AB2606837582DC4ACFD9497 |
Ceska Posta | PostSignum Root QCA 2 | A0F8DB3F0BF417693B282EB74A6AD86DF9D448A3 |
CyberTrust | Japan Certification Services, Inc. SecureSign RootCA1 | CABB51672400588E6419F1D40878D0403AA20264 |
CyberTrust | Japan Certification Services, Inc. SecureSign RootCA2 | 00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099 |
CyberTrust | Japan Certification Services, Inc. SecureSign RootCA3 | 8EB03FC3CF7BB292866268B751223DB5103405CB |
DanID | DanID | 8781C25A96BDC2FB4C65064FF9390B26048A0E01 |
E-Certchile | E-Certchile Root CA | C18211328A92B3B23809B9B5E2740A07FB12EB5E |
e-Tugra | EBG Elektronik Sertifika Hizmet Saglayicisi | 8C96BAEBDD2B070748EE303266A0F3986E7CAE58 |
e-Tugra | E-Tugra Certification Authority | 51C6E70849066EF392D45CA00D6DA3628FC35239 |
LuxTrust | LuxTrust Global Root CA | C93C34EA90D9130C0F03004B98BD8B3570915611 |
Nova Ljubljanska | NLB Nova Ljubljanska Banka d.d. Ljubljana | 0456F23D1E9C43AECB0D807F1C0647551A05F456 |
Post.Trust | Post.Trust Root CA | C4674DDC6CE2967FF9C92E072EF8E8A7FBD6A131 |
Secom | SECOM Trust Systems Co Ltd. | 36B12B49F9819ED74C9EBC380FC6568F5DACB2F7 |
Secom | SECOM Trust Systems CO LTD | 5F3B8CF2F810B37D78B4CEEC1919C37334B9C774 |
Secom | SECOM Trust Systems CO LTD | FEB8C432DCF9769ACEAE3DD8908FFD288665647D |
Serasa | Serasa Certificate Authority I | A7F8390BA57705096FD36941D42E7198C6D4D9D5 |
Serasa | Serasa Certificate Authority II | 31E2C52CE1089BEFFDDADB26DD7C782EBC4037BD |
Serasa | Serasa Certificate Authority III | 9ED18028FB1E8A9701480A7890A59ACD73DFF871 |
Wells Fargo | WellsSecure Public Certificate Authority | E7B4F69D61EC9069DB7E90A7401A3CF47D4FE8EE |
Wells Fargo | WellsSecure Public Root Certification Authority 01 G2 | B42C86C957FD39200C45BBE376C08CD0F4D586DB |