February 2012 Root Update

Updated February 28, 2012

Return to Root CA Members Page

Microsoft welcomes two new certification authorities (CAs) to the Windows Root Certificate Program in February.  We have also added and removed certificate attributes to root certificates from a number of existing CAs.  And one existing root certificate has been enabled to support the issuance of
Extended Validation (EV) SSL certificates.

NEW CAs

Microsoft welcomes two new CAs to the Program in February:

Government of Sweden (Försäkringskassan)The Swedish Social Insurance Agency (Försäkringskassan) issues certificates in support of social insurance benefits in Sweden and the EU.

Personal I.D ltd (Israel) – Personal I.D ltd provides customers with Signing Certificates under the Israeli electronic Signature law.

 

CA Name

Country

CA Root Name

CA Root Size

Signature Hash

CA Root Expires

Thumbprint (click to download certificate from Windows Update)

Government of Sweden (Försäkringskassan)

Sweden

Swedish Government Root Authority v1

 2048

SHA1

Sunday, April 14, 2030 5:43:19 AM

‎‎11 e1 9b bc 74 7b 1a ed 0d b8 33 c9 4c ac 6c 3f 85 bd eb db

Personal I.D ltd

Israel

PersonalID Trustworthy RootCA 2011

 4096

SHA256

Sunday, ‎September ‎01, ‎2041 12:45:16 AM

‎‎43 94 ce 31 26 ff 1a 22 4c dd 4d ee b4 f4 ec 1d a3 68 ef 6a

 

NEW CERTIFICATE ATTRIBUTES

Microsoft also modifies as follows the certificate attributes for root certificates for existing member CAs:

Comodo (USA) – Rename the “COMODO Certification Authority” Friendly Name to “COMODO.”



Network Solutions (USA) – Rename the “Network Solutions Certificate Authority” Friendly Name to “Network Solutions.”



VeriSign (USA) – Remove the Server Authentication, Code Signing, and Time Stamping EKUs from the “Class 1 Public Primary Certification Authority”; remove the Time Stamping EKU from the “Class 3 Public Primary Certification Authority.”



Verizon Business (USA) – Add the Code Signing and Client Authentication EKUs to the “Baltimore CyberTrust Root.”

 

CA Name

Country

CA Root Name

CA Root Size

Signature Hash

CA Root Expires

Thumbprint (click to download certificate from Windows Update)

 

 Comodo Description: http://social.technet.microsoft.com/wiki/cfs-file.ashx/__key/communityserver-components-sitefiles/10_5F00_external.png.

USA

COMODO Certification Authority Root

2048

SHA1

‎Tuesday, ‎December ‎31, ‎2030 4:59:59 PM

ee 86 93 87 ff fd 83 49 ab 5a d1 43 22 58 87 89 a4 57 b0 12

Network Solutions Description: http://social.technet.microsoft.com/wiki/cfs-file.ashx/__key/communityserver-components-sitefiles/10_5F00_external.png

USA

Network Solutions Certificate

Authority

2048

SHA1

‎‎Tuesday, ‎December ‎31, ‎2030 4:59:59 PM

‎‎71 89 9a 67 bf 33 af 31 be fd c0 71 f8 f7 33 b1 83 85 63 32

 

VeriSign Description: http://social.technet.microsoft.com/wiki/cfs-file.ashx/__key/communityserver-components-sitefiles/10_5F00_external.png

USA

Class 1 Public Primary Certification Authority

1024

SHA1

Wednesday, ‎August ‎02, ‎2028 4:59:59 PM

ce 6a 64 a3 09 e4 2f bb d9 85 1c 45 3e 64 09 ea e8 7d 60 f1 Description: http://social.technet.microsoft.com/wiki/cfs-file.ashx/__key/communityserver-components-sitefiles/10_5F00_external.png

 

VeriSign Description: http://social.technet.microsoft.com/wiki/cfs-file.ashx/__key/communityserver-components-sitefiles/10_5F00_external.png

USA

Class 3 Public Primary Certification Authority

 

1024

SHA1

‎Wednesday, ‎August ‎02, ‎2028 4:59:59 PM

a1 db 63 93 91 6f 17 e4 18 55 09 40 04 15 c7 02 40 b0 ae 6b Description: http://social.technet.microsoft.com/wiki/cfs-file.ashx/__key/communityserver-components-sitefiles/10_5F00_external.png

 

Verizon Business

USA

Baltimore CyberTrust Root

2048

SHA1

Monday, May 12, 2025 4:59:00 PM

d4 de 20 d0 5e 66 fc 53 fe 1a 50 88 2c 78 db 28 52 ca e4 74

 





Extended Validation (EV) SSL CAs

In addition, CA TurkTrust (Turkey) has an existing root certificate enabled to support the issuance of Extended Validation (EV) SSL certificates Description: http://social.technet.microsoft.com/wiki/cfs-file.ashx/__key/communityserver-components-sitefiles/10_5F00_external.png.

CA Name

Country

CA Root Name

CA Root Size

Signature Hash

CA Root Expires

Thumbprint (click to download certificate from Windows Update)

TurkTrust Description: http://social.technet.microsoft.com/wiki/cfs-file.ashx/__key/communityserver-components-sitefiles/10_5F00_external.png

Turkey

TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı

 2048

SHA1

‎Friday, ‎December ‎22, ‎2017 10:37:19 AM

f1 7f 6f b6 31 dc 99 e3 a3 c8 7f fe 1c f1 81 10 88 d9 60 33

 

REMOVED ROOT CERTIFICATES

Microsoft has not removed any root certificates from distribution in this root update.

 

Do you see an error in any of the information above? Contact me here, and I will investigate and correct it. I cannot guarantee total accuracy of this data, but I will commit to correcting errors when they are pointed out to me.

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

EXPLANATION OF TERMS

CA Name indicates the CA who currently operates the CA Root Name with the unique Thumbprint and CA Root expiration date indicated. Over time CA root certificates have changed hands, and this resource attempts to identify the current CA owner. Each Current CA owner should contain a hyperlink to the CA's website, where you can obtain additional information about their root certificates and their certificate policies.

Country is the main country from which the CA operates.

CA Root Name is the common name applied to the root certificate, which may or may not also indicate the name of the CA.

CA Root Size is the modulus of the RSA algorithm - typically 1024-bit, 2048-bit, or 4096-bit RSA. In the future you may see reference to other algorithms such as ECC or ECDSA.

Signature Hash indicates the hash algorithm chosen by the CA for this root certificate - MD2, MD5, SHA1, or SHA2 (SHA256). The hash algorithm used to issue end-use certificates may not be the same as the hash algorithm used for the root certificate. As of January 15, 2009 for example, to Microsoft's knowledge no CA issues MD5 end-use certificates from any MD5 root certificate distributed by the Windows Root Certificate Program. However, root certificates using the MD5 algorithm may still be distributed by the Program, to allow for certificate chain building for previously signed code and certain SSL-protected websites.

CA Root Expires is the expiration date of the root certificate, after which the CA cannot issue any more end-use certificates from it. Root certificates are typically kept in distribution after expiration by the Program until the last of these end-use certificates expires.

Thumbprint is the hash value which uniquely identifies the root certificate in question. It can be confirmed in the actual root certificate by examining the certificate properties (Details), under the Thumbprint field. Each thumbprint contains a hyperlink to the Windows Update website, where you can access the actual root certificate, and download and examine its certificate properties.