July 2019 Deployment Notice (2/July) - Microsoft Trusted Root Program

On Tuesday, July 30th, 2019, Microsoft will release a planned update to the Microsoft Trusted Root Certificate Program.

This release will add the following roots(Root Certificate \ SHA-1 Thumbprint):

  1. Digidentity Services Root CA \ 7B3FB277EE311C1ED560CAB96E4FED775E6A3EED
  2. HiPKI Root CA - G1 \ 6A92E4A8EE1BEC964537E3295749CD96E3E5D260

This release will modify the EV OIDs in the following roots:

  1. Hellenic Academic and Research Institutions ECC RootCA 2015 \ 9FF1718D92D59AF37D7497B4BC6F84680BBAB666
  2. Hellenic Academic and Research Institutions RootCA 2015 \ 010C0695A6981914FFBF5FC6B0B695EA29E912A6

Note

  • Windows 10 allows us to stop trusting roots or EKU's using the "NotBefore" or "Disable" properties, both of which allow us to remove certain capabilities of the root certificate without complete removal. These features are not available on versions prior to Windows 10. Earlier versions of Windows will be unaffected by this change.
  • The NotBefore and Disable dates are set for the first day of the release month. This means that all certificates issued after May 1st will be affected.
  • The update package will be available for download and testing at: https://aka.ms/CTLDownload