October 2011 Root Update

Updated October 25, 2011

Return to Root CA Members Page

Microsoft welcomes three new certification authorities (CAs) to the Windows Root Certificate Program in October.  We have also added new root certificates from a number of existing CAs.  And several root certificates have been enabled to support the issuance of Extended Validation (EV) SSL certificates .

NEW CAs

Microsoft welcomes the following 3 new CAs to the Program:

Atos - The Atos Trustcenter issues certificates primarily to members of the public in Europe.

LuxTrust S.A.  - LuxTrust PKI services are being actively used by the Luxembourg Government and by citizens living and/or working in the Grand-Duchy of Luxembourg.

Government of Spain, Ministerio de Trabajo e Inmigración (MTIN) – The MTIN issues certificates to the government sector and to members of the public in Spain.

CA Name

Country

CA Root Name

CA Root Size

Signature Hash

CA Root Expires

Thumbprint (click to download certificate from Windows Update)

Atos

Germany

Atos Trusted Root 2011

2048

SHA256

‎Tuesday, ‎December ‎31, ‎2030 4:59:59 PM

2b b1 f5 3e 55 0c 1d c5 f1 d4 e6 b7 6a 46 4b 55 06 02 ac 21

LuxTrust S.A.

Luxembourg

LuxTrust Global Root CA

2048

SHA256

‎Wednesday, ‎March ‎17, ‎2021 2:51:37 AM

c9 3c 34 ea 90 d9 13 0c 0f 03 00 4b 98 bd 8b 35 70 91 56 11

Government of Spain, Ministerio de Trabajo e Inmigración (MTIN)

Spain

AC1 RAIZ MTIN

4096

SHA1

‎Sunday, ‎November ‎03, ‎2019 9:17:45 AM

6a d2 3b 9d c4 8e 37 5f 85 9a d9 ca b5 85 32 5c 23 89 40 71

 

NEW ROOT CERTIFICATES AND CERTIFICATE ATTRIBUTES

Microsoft also adds new root certificates for existing member CAs:

ANCERT (Spain)
Certigna (France)
Comodo (USA/UK/Japan)
Comsign Ltd (Israel)
Government of India, Controller of Certifying Authorities (CCA)
Government of Switzerland,
Bundesamt für Informatik und Telekommunikation (BIT)
Microsoft Corporation (USA)
Network Solutions (USA)

CA Name

Country

CA Root Name

CA Root Size

Signature Hash

CA Root Expires

Thumbprint (click to download certificate from Windows Update)

Agencia Notarial de Certificación (ANCERT)

Spain

ANCERT Certificados CGN V2

4096

SHA256

‎Saturday, ‎May ‎25, ‎2030 9:31:23 AM

7e b1 a0 42 9b e5 f4 28 ac 2b 93 97 1d 7c 84 48 a5 36 07 0c

Agencia Notarial de Certificación (ANCERT)

Spain

ANCERT Certificados Notariales V2

4096

SHA256

‎Saturday, ‎May ‎25, ‎2030 9:56:14 AM

6f 62 de b8 6c 85 58 5a e4 2e 47 8d b4 d7 6d b3 67 58 5a e6

Certigna

France

Certigna

2048

SHA1

‎Tuesday, ‎June ‎29, ‎2027 8:13:05 AM

b1 2e 13 63 45 86 a4 6f 1a b2 60 68 37 58 2d c4 ac fd 94 97

Comodo

USA

Comodo Certification Authority

2048

SHA1

‎Tuesday, ‎December ‎31, ‎2030 4:59:59 PM

ee 86 93 87 ff fd 83 49 ab 5a d1 43 22 58 87 89 a4 57 b0 12

ComSign

Israel

ComSign Global Root CA

4096

SHA256

‎Wednesday, ‎July ‎16, ‎2036 3:24:55 AM

ae 3b 31 bf 8f d8 91 07 9c f1 df 34 cb ce 6e 70 d3 7f b5 b0

Government of India, Ministry of Communications & Information Technology, Controller of Certifying Authorities (CCA)

India

CCA India 2011

2048

SHA256

‎Thursday, ‎March ‎10, ‎2016 11:48:52 PM

be d5 25 d1 ac 63 a7 fc 6a 66 0b a7 a8 95 81 8d 5e 8d d5 64

Government of Switzerland, Bundesamt für Informatik und Telekommunikation (BIT)

Switzerland

Swiss Government Root CA I

4096

SHA256

‎Thursday, ‎February ‎15, ‎2035 1:59:59 AM

a1 58 51 87 15 65 86 ce f9 c4 54 e2 2a b1 5c 58 74 56 07 b4

Government of Switzerland, Bundesamt für Informatik und Telekommunikation (BIT)

Switzerland

Swiss Government Root CA II

4096

SHA256

‎Friday, ‎February ‎16, ‎2035 1:59:59 AM

c7 f7 cb e2 02 36 66 f9 86 02 5d 4a 3e 31 3f 29 eb 0c 5b 38

Microsoft Corporation

USA

Microsoft Root Certificate Authority 2011

4096

SHA256

‎Saturday, ‎March ‎22, ‎2036 3:13:04 PM

8f 43 28 8a d2 72 f3 10 3b 6f b1 42 84 85 ea 30 14 c0 bc fe

Network Solutions

USA

Network Solutions Certificate Authority

2048

SHA1

‎Tuesday, ‎December ‎31, ‎2030 4:59:59 PM

71 89 9a 67 bf 33 af 31 be fd c0 71 f8 f7 33 b1 83 85 63 32

 

CLIENT AUTHENTICATION ATTRIBUTES (NEW)

Microsoft also adds the client authentication attribute to 2 existing roots for 2 CAs in the Program:

CA Name

Country

CA Root Name

CA Root Size

Signature Hash

CA Root Expires

Thumbprint (click to download certificate from Windows Update)

KEYNECTSIS

France

 

Class 2 Primary CA

 

2048

SHA1

‎Saturday, ‎July ‎06, ‎2019 4:59:59 PM

 

74 20 74 41 72 9c dd 92 ec 79 31 d8 23 10 8d c2 81 92 e2 bb

 

Deutsche Telekom (T-Systems)

Germany

Deutsche Telekom Root CA 2

 

 

 

2048

SHA256

‎Saturday, ‎October ‎01, ‎2033 4:59:59 PM

 

85 a4 08 c0 9c 19 3e 5d 51 58 7d cd d6 13 30 fd 8c de 37 bf

 

 

Extended Validation (EV) SSL CAs

In addition, CAs A-Trust (Austria), Certigna, Network Solutions, and T-Systems (Germany all have root certificates enabled to support the issuance of Extended Validation (EV) SSL certificates .

CA Name

Country

CA Root Name

CA Root Size

Signature Hash

CA Root Expires

Thumbprint (click to download certificate from Windows Update)

A-Trust

Austria

A-Trust-nQual-03

2048

SHA1

‎Monday, ‎August ‎17, ‎2015 3:00:00 PM

 

d3 c0 63 f2 19 ed 07 3e 34 ad 5d 75 0b 32 76 29 ff d5 9a f2

Deutsche Telekom (T-Systems)

Germany

T-TeleSec GlobalRoot Class 3

2048

SHA256

‎Saturday, ‎October ‎01, ‎2033 4:59:59 PM

55 a6 72 3e cb f2 ec cd c3 23 74 70 19 9d 2a be 11 e3 81 d1

 

 

REMOVED ROOT CERTIFICATES

Microsoft has also removed from distribution the following 2 root certificates belonging to Program member CAs Comodo and Network Solutions, at both CA's request, replacing them with the new root certificates named above.

CA Name

Country

CA Root Name

CA Root Size

Signature Hash

CA Root Expires

Thumbprint

Comodo

USA

COMODO Certification Authority

66 31 bf 9e f7 4f 9e b6 c9 d5 a6 0c ba 6a be d1 f7 bd ef 7b

Network Solutions

USA

Network Solutions Certificate Authority

74 f8 a3 c3 ef e7 b3 90 06 4b 83 90 3c 21 64 60 20 e5 df ce

 

Do you see an error in any of the information above? Contact me here, and I will investigate and correct it. I cannot guarantee total accuracy of this data, but I will commit to correcting errors when they are pointed out to me.

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

EXPLANATION OF TERMS

CA Name indicates the CA who currently operates the CA Root Name with the unique Thumbprint and CA Root expiration date indicated. Over time CA root certificates have changed hands, and this resource attempts to identify the current CA owner. Each Current CA owner should contain a hyperlink to the CA's website, where you can obtain additional information about their root certificates and their certificate policies.

Country is the main country from which the CA operates.

CA Root Name is the common name applied to the root certificate, which may or may not also indicate the name of the CA.

CA Root Size is the modulus of the RSA algorithm - typically 1024-bit, 2048-bit, or 4096-bit RSA. In the future you may see reference to other algorithms such as ECC or ECDSA.

Signature Hash indicates the hash algorithm chosen by the CA for this root certificate - MD2, MD5, SHA1, or SHA2 (SHA256). The hash algorithm used to issue end-use certificates may not be the same as the hash algorithm used for the root certificate. As of January 15, 2009 for example, to Microsoft's knowledge no CA issues MD5 end-use certificates from any MD5 root certificate distributed by the Windows Root Certificate Program. However, root certificates using the MD5 algorithm may still be distributed by the Program, to allow for certificate chain building for previously signed code and certain SSL-protected websites.

CA Root Expires is the expiration date of the root certificate, after which the CA cannot issue any more end-use certificates from it. Root certificates are typically kept in distribution after expiration by the Program until the last of these end-use certificates expires.

Thumbprint is the hash value which uniquely identifies the root certificate in question. It can be confirmed in the actual root certificate by examining the certificate properties (Details), under the Thumbprint field. Each thumbprint contains a hyperlink to the Windows Update website, where you can access the actual root certificate, and download and examine its certificate properties.