Microsoft Trusted Root Certificate program getting a lot less trusting
Redmond goes 'yoink!' on twenty CAs
Microsoft is cutting the ranks of its Trusted Root Certificate partners in hopes of improving the security of Windows applications.
The Redmond giant said that it would be dropping 20 currently trusted Certificate Authorities (CAs), leaving the applications and sites signed with those certificates untrusted and causing their users to receive warnings when launched.
According to Microsoft, the elimination of the CAs came after the company decided to implement a stricter set of audits and requirements for the Trusted Root Certificate program in June of this year.
With the more stringent requirements now having been in place for several months, Microsoft has begun culling the ranks to remove those who can't, or won't, meet its security requirements.
"Through this effort, we identified a few partners who will no longer participate in the program, either because they have chosen to leave voluntarily or because they will not be in compliance with the new requirements," wrote Microsoft enterprise and security group program manager Aaron Kornblum.
"We encourage all owners of digital certificates currently trusted by Microsoft to review the list and take action as necessary."
The complete list, via Microsoft:
|CA||Root Name||SHA1 Thumbprint|
|Ceska Posta||PostSignum Root QCA 2||A0F8DB3F0BF417693B282EB74A6AD86DF9D448A3|
|CyberTrust||Japan Certification Services, Inc. SecureSign RootCA1||CABB51672400588E6419F1D40878D0403AA20264|
|CyberTrust||Japan Certification Services, Inc. SecureSign RootCA2||00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099|
|CyberTrust||Japan Certification Services, Inc. SecureSign RootCA3||8EB03FC3CF7BB292866268B751223DB5103405CB|
|E-Certchile||E-Certchile Root CA||C18211328A92B3B23809B9B5E2740A07FB12EB5E|
|e-Tugra||EBG Elektronik Sertifika Hizmet Saglayicisi||8C96BAEBDD2B070748EE303266A0F3986E7CAE58|
|e-Tugra||E-Tugra Certification Authority||51C6E70849066EF392D45CA00D6DA3628FC35239|
|LuxTrust||LuxTrust Global Root CA||C93C34EA90D9130C0F03004B98BD8B3570915611|
|Nova Ljubljanska||NLB Nova Ljubljanska Banka d.d. Ljubljana||0456F23D1E9C43AECB0D807F1C0647551A05F456|
|Post.Trust||Post.Trust Root CA||C4674DDC6CE2967FF9C92E072EF8E8A7FBD6A131|
|Secom||SECOM Trust Systems Co Ltd.||36B12B49F9819ED74C9EBC380FC6568F5DACB2F7|
|Secom||SECOM Trust Systems CO LTD||5F3B8CF2F810B37D78B4CEEC1919C37334B9C774|
|Secom||SECOM Trust Systems CO LTD||FEB8C432DCF9769ACEAE3DD8908FFD288665647D|
|Serasa||Serasa Certificate Authority I||A7F8390BA57705096FD36941D42E7198C6D4D9D5|
|Serasa||Serasa Certificate Authority II||31E2C52CE1089BEFFDDADB26DD7C782EBC4037BD|
|Serasa||Serasa Certificate Authority III||9ED18028FB1E8A9701480A7890A59ACD73DFF871|
|Wells Fargo||WellsSecure Public Certificate Authority||E7B4F69D61EC9069DB7E90A7401A3CF47D4FE8EE|
|Wells Fargo||WellsSecure Public Root Certification Authority 01 G2||B42C86C957FD39200C45BBE376C08CD0F4D586DB|
Following the removal of the CAs in January, certificates from the listed CAs will no longer be valid. Owners of the revoked certificates are being advised by Microsoft to get new certificates from one of the remaining Trusted CAs in order to obtain new, valid certificates. ®