February 2019 Deployment Notice (19/February) - Microsoft Trusted Root Program
On Tuesday, March 5th, 2019, Microsoft will release a planned update to the Microsoft Trusted Root Certificate Program.
This release will remove the following root (Root Certificate \ SHA-1 Thumbprint):
- SECOM Trust Systems CO LTD \ FEB8C432DCF9769ACEAE3DD8908FFD288665647D
This release will disable the following roots:
- Certipost E-Trust Primary Normalised CA \ A59C9B10EC7357515ABB660C4D94F73B9E6E9272
- Certipost E-Trust Primary Qualified CA \ 742CDF1594049CBF17A2046CC639BB3888E02E33
- Japan Certification Services, Inc. SecureSign RootCA1 \ CABB51672400588E6419F1D40878D0403AA20264
- Japan Certification Services, Inc. SecureSign RootCA2 \ 00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099
- Japan Certification Services, Inc. SecureSign RootCA3 \ 8EB03FC3CF7BB292866268B751223DB5103405CB
- Root CA Generalitat Valenciana \ A073E5C5BD43610D864C21130A855857CC9CEA46
- Skaitmeninio sertifikavimo centras, Lithuania (5A5A) \ 5A5A4DAF7861267C4B1F1E67586BAE6ED4FEB93F
- Starfield Technologies Inc. \ 5D003860F002ED829DEAA41868F788186D62127F
- StartCom Certification Authority \ 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
- StartCom Certification Authority G2 \ 31F1FD68226320EEC63B3F9DEA4A3E537C7C3917
- Swisscom Root CA 1 \ 5F3AFC0A8B64F686673474DF7EA9A2FEF9FA7A51
- VAS Latvijas Pasts SSI(RCA) \ 086418E906CEE89C2353B6E27FBD9E7439F76316
- WoSign \ B94294BF91EA8FB64BE61097C7FB001359B676CB
- WoSign China \ 1632478D89F9213A92008563F5A4A7D312408AD6
- WoSign ECC \ D27AD2BEED94C0A13CC72521EA5D71BE8119F32B
- WoSign G2 \ FBEDDC9065B7272037BC550C9C56DEBBF27894E1
This release will NotBefore all EKUs for the following roots:
- VI Registru Centras RCSC \ 971D3486FC1E8E6315F7C6F2E12967C724342214
- ANF AC \ CEA9890D85D80753A626286CDAD78CB566D70CF2
- ANF Global Root CA \ 5BB59920D11B391479463ADD5100DB1D52F43AD4
This release will NotBefore the server authentication EKU for the following roots:
- Saudi National Root CA \ 8351509B7DF8CFE87BAE62AEB9B03A52F4E62C79
Windows 10 allows us to stop trusting roots or EKU's using the "NotBefore" or "Disable" properties, both of which allow us to remove certain capabilities of the root certificate without complete removal. These features are not available on versions prior to Windows 10. Earlier versions of Windows will be unaffected by this change. The update package will be available for download and testing at https://aka.ms/CTLDownload
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for