Introduction to The Microsoft Root Certificate Program

Introduction to The Microsoft Root Certificate Program

KB931125

How Windows Updates Root Certificates

This explains how different versions of Windows will update root certificates by increasingly sophisticated mechanisms.

News

February 21, 2014 - The Windows PKI Blog has a good description of Microsoft's Certificate Reputation as implemented in IE11.







November 12, 2013 - The Windows PKI Blog mentions the Program’s SHA1 Deprecation Policy, listed below in the Section “Algorithm Policies” under the new Program Technical Requirements.



The Security Research and Defense (SRD) Blog now describes the SHA1 Deprecation Policy.  Microsoft Security Advisory 2880823 also gives a bit more detail.

Main Page

Windows Root Certificate Program

This is the main page for the Windows Root Certificate Program. It explains how to qualify and apply for membership in the Program. 

The information on the Main Page regarding technical requirements is superseded by the technical requirements available from the next link.

Program Technical Requirements

This page lists the current Technical Requirements for the Program.



NEW November 11, 2013 - Technical Requirements version 2.0 published.



NEW November 12, 2013 - The SHA1 Deprecation Policy is listed in the Technical Requirements under the Section "Algorithm Policies."

Windows Root CA Members 

This page contains documentation on recent root updates, and a link to the comprehensive Program Members CA List.



NEW November 12, 2013 - The November Root Update is released.

EV Code Signing Certificates

This page contains information on the availability of EV Code Signing certificates and an invitation to Program Members to sign up to issue EV code signing certs.

WSUS Availability

In December 2012 we provide full x86 and x64 availability of the KB931125 root update package via Windows Software Update Services (WSUS) for information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system.  The WSUS root update is intended for client versions only.

Audit Requirements

Nov 11, 2013 - First Published in November 2014 on the Program Technical Requirements Page

September 12, 2014 - Moved to its own Audits page

 

A Note on amending these wiki pages







Please don’t amend these pages. I realize that the Spirit of the Wiki ™ is for everyone and everyone to modify wiki content at will. I ask that you do not do so – this wiki is a simple and direct method for me to post information about the Windows Root Certificate Program, and most of the content constitutes static Program requirements which does not allow for public editing. Your edits may wipe out the existing content, and can render it temporarily inaccessible to other readers.

So please, do not amend the Program wiki pages, just to ask me a question or to seek clarification of something posted - email me at casubmit@microsoft.com.   



We're all in this thing together.







Best Regards,

 

Kelvin Yiu, Program Manager

Microsoft Root Certificate Program

Sort by: Published Date | Most Recent | Most Useful
Comments
  • Great article,

  • You have to add a link to this site at technet.microsoft.com/.../cc751157.aspx

    Right now, if you only watch the old "Microsoft Root Certificate Program" site, you never find the newer technical requirements posted here.

Page 1 of 1 (2 items)