June 2011 Root Update

Updated June 29, 2011

Return to Root CA Members Page

In June 2011 Microsoft adds 4 new root certificates from two certification authorities (CAs) to distribution via the Windows Root Certificate Program.

New CA

Welcome to the Government of South Africa, South African Post Office (SAPO) Trust Centre.  SAPO issues personal certificates to the general public in South Africa to bring legal status to electronic transactions.

New Root Certificate

We add one new root certificate from an existing member of the Program, AS Sertifitseerimiskeskus (SK) of Estonia.

Removed Root Certificates

Microsoft has not removed any root certificates from distribution in this root update.

Root Certificate Summary Table
CA Name CA Root Name CA Root Size Signature Hash CA Root Expires Thumbprint (click to download certificate from Windows Update)
AS Sertifitseerimiskeskus
Estonia		 EE Certification Centre Root CA 2048 SHA1 Tuesday, ‎December ‎17, ‎2030 4:59:59 PM c9 a8 b9 e7 55 80 5e 58 e3 53 77 a7 25 eb af c3 7b 27 cc d7
Government of South Africa, South African Post
South Africa
 SAPO Class 2 Root CA 2048 SHA1 ‎Friday, ‎September ‎13, ‎2030 5:00:00 PM ed b3 cb 5f b4 19 a1 85 06 62 67 e5 79 15 54 e1 e2 8b 63 99
Government of South Africa, South African Post
South Africa
 SAPO Class 3 Root CA 4096 SHA1 ‎Friday, ‎September ‎13, ‎2030 5:00:00 PM b1 b2 36 4f d4 d4 f5 2e 89 b2 d0 fa f3 3e 4d 62 bd 96 99 21
Government of South Africa, South African Post
South Africa
 SAPO Class 4 Root CA 4096 SHA1 ‎Friday, ‎September ‎13, ‎2030 5:00:00 PM cc 7e a2 92 af 87 15 d7 4c a4 b4 15 f3 20 15 4b 24 f5 65 fd


Errors & Omissions

Do you see an error in any of the information above? Contact me here, and I will investigate and correct it. I cannot guarantee total accuracy of this data, but I will commit to correcting errors when they are pointed out to me.

 

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

EXPLANATION OF TERMS

CA Name indicates the CA who currently operates the CA Root Name with the unique Thumbprint and CA Root expiration date indicated. Over time CA root certificates have changed hands, and this resource attempts to identify the current CA owner. Each Current CA owner should contain a hyperlink to the CA's website, where you can obtain additional information about their root certificates and their certificate policies.

Country is the main country from which the CA operates.

CA Root Name is the common name applied to the root certificate, which may or may not also indicate the name of the CA.

CA Root Size is the modulus of the RSA algorithm - typically 1024-bit, 2048-bit, or 4096-bit RSA. In the future you may see reference to other algorithms such as ECC or ECDSA.

Signature Hash indicates the hash algorithm chosen by the CA for this root certificate - MD2, MD5, SHA1, or SHA2 (SHA256). The hash algorithm used to issue end-use certificates may not be the same as the hash algorithm used for the root certificate. As of January 15, 2009 for example, to Microsoft's knowledge no CA issues MD5 end-use certificates from any MD5 root certificate distributed by the Windows Root Certificate Program. However, root certificates using the MD5 algorithm may still be distributed by the Program, to allow for certificate chain building for previously signed code and certain SSL-protected websites.

CA Root Expires is the expiration date of the root certificate, after which the CA cannot issue any more end-use certificates from it. Root certificates are typically kept in distribution after expiration by the Program until the last of these end-use certificates expires.

Thumbprint is the hash value which uniquely identifies the root certificate in question. It can be confirmed in the actual root certificate by examining the certificate properties (Details), under the Thumbprint field. NEW Each thumbprint contains a hyperlink to the Windows Update website, where you can access the actual root certificate, download and examine its certificate properties.