-->
The various root programs are run by the likes Microsoft, Apple, Mozilla and Google. A root program, or root store, is a collection of root CA certificates. Every connected device uses one of these root stores. To be trusted, a CA needs to have its root included in all of these root stores. That’s where the social trust comes in. In August 2010, Symantec acquired Verisign's security business, including Thawte. Thawte is now part of Digicert with its completion of the Symantec web security acquisition. Root certificate untrust. Following Thawte's improper issuance of certificates and a dispute with Google the GeoTrust Root Certificate became untrusted. A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It comes pre-downloaded in most browsers and is stored in what is called a “trust store.” The root certificates are closely guarded by CAs. Intermediate Certificate. Intermediate certificates branch off root certificates like branches of trees.
This article lists the trusted root certificates that are required by Windows operating systems. These trusted root certificates are required for the operating system to run correctly.
Bigsur bluestacks. Applies to: Windows 7 Service Pack 1, Windows Server 2012 R2
Original KB number: 293781
Summary
As part of a public key infrastructure (PKI) trust management procedure, some administrators may decide to remove trusted root certificates from a Windows-based domain, server, or client. However, the root certificates that are listed in the Necessary and trusted root certificates section in this article are required for the operating system to operate correctly. Removal of the following certificates may limit functionality of the operating system, or may cause the computer to fail. Don't remove them.
Necessary and trusted root certificates
Minitool partition wizard free mac. The following certificates are necessary and trusted in:
- Windows 7
- Windows Vista
- Windows Server 2008 R2
- Windows Server 2008
| Issued to | Issued by | Serial number | Expiration date | Intended purposes | Friendly name | Status |
|---|---|---|---|---|---|---|
| Microsoft Root Authority | Microsoft Root Authority | 00c1008b3c3c8811d13ef663ecdf40 | 12/31/2020 | All | Microsoft Root Authority | R |
| Thawte Timestamping CA | Thawte Timestamping CA | 00 | 12/31/2020 | Time Stamping | Thawte Timestamping CA | R |
| Microsoft Root Certificate Authority | Microsoft Root Certificate Authority | 79ad16a14aa0a5ad4c7358f407132e65 | 5/9/2021 | All | Microsoft Root Certificate Authority | R |
The follow certificates are necessary and trusted in Windows XP and in Windows Server 2003:
| Issued to | Issued by | Serial number | Expiration date | Intended purposes | Friendly name | Status |
|---|---|---|---|---|---|---|
| Copyright (c) 1997 Microsoft Corp. | Copyright (c) 1997 Microsoft Corp. | 01 | 12/30/1999 | Time Stamping | Microsoft Timestamp Root | R |
| Microsoft Authenticode(tm) Root Authority | Microsoft Authenticode(tm) Root Authority | 01 | 12/31/1999 | Secure E-mail, Code Signing | Microsoft Authenticode(tm) Root | R |
| Microsoft Root Authority | Microsoft Root Authority | 00c1008b3c3c8811d13ef663ecdf40 | 12/31/2020 | All | Microsoft Root Authority | R |
| NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. | NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. | 4a19d2388c82591ca55d735f155ddca3 | 1/7/2004 | Time Stamping | VeriSign Time Stamping CA | R |
| VeriSign Commercial Software Publishers CA | VeriSign Commercial Software Publishers CA | 03c78f37db9228df3cbb1aad82fa6710 | 1/7/2004 | Secure E-mail, Code Signing | VeriSign Commercial Software Publishers CA | R |
| Thawte Timestamping CA | Thawte Timestamping CA | 00 | 12/31/2020 | Time Stamping | Thawte Timestamping CA | R |
| Microsoft Root Certificate Authority | Microsoft Root Certificate Authority | 79ad16a14aa0a5ad4c7358f407132e65 | 5/9/2021 | All | Microsoft Root Certificate Authority | R |
The follow certificates are necessary and trusted in Microsoft Windows 2000:
| Issued to | Issued by | Serial number | Expiration date | Intended purposes | Friendly name | Status |
|---|---|---|---|---|---|---|
| Copyright (c) 1997 Microsoft Corp. | Copyright (c) 1997 Microsoft Corp. | 01 | 12/30/1999 | Time Stamping | Microsoft Timestamp Root | R |
| Microsoft Authenticode(tm) Root Authority | Microsoft Authenticode(tm) Root Authority | 01 | 12/31/1999 | Secure E-mail, Code Signing | Microsoft Authenticode(tm) Root | R |
| Microsoft Root Authority | Microsoft Root Authority | 00c1008b3c3c8811d13ef663ecdf40 | 12/31/2020 | All | Microsoft Root Authority | R |
| NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. | NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. | 4a19d2388c82591ca55d735f155ddca3 | 1/7/2004 | Time Stamping | VeriSign Time Stamping CA | R |
| VeriSign Commercial Software Publishers CA | VeriSign Commercial Software Publishers CA | 03c78f37db9228df3cbb1aad82fa6710 | 1/7/2004 | Secure E-mail, Code Signing | VeriSign Commercial Software Publishers CA | R |
| Thawte Timestamping CA | Thawte Timestamping CA | 00 | 12/31/2020 | Time Stamping | Thawte Timestamping CA | R |
Some certificates that are listed in the previous tables have expired. However, these certificates are necessary for backward compatibility. Even if there's an expired trusted root certificate, anything that was signed by using that certificate before the expiration date requires that the trusted root certificate is validated. As long as expired certificates aren't revoked, they can be used to validate anything that was signed before their expiration.
Public Keys, Private Keys, and Certificates
When performing authentication, SSL uses a technique called public-key cryptography.
Download Verisign Root Certificates
Public-key cryptography is based on the concept of a key pair,which consists of a public key and a privatekey. Data that has been encrypted with a public key canbe decrypted only with the corresponding private key. Conversely,data that has been encrypted with a private key can be decrypted onlywith the corresponding public key.
The owner of the key pair makes the public key available toanyone, but keeps the private key secret.
A certificate verifies that anentity is the owner of a particular public key.
Certificatesthat follow the X.509 standard contain a data section and a signaturesection. The data section includes such information as:
Symantec Verisign Root Certificates
The Distinguished Name of the entity that owns thepublic key
The Distinguished Name of the entity that issued thecertificate
The period of time during which the certificate isvalid
The public key itself
Verisign Root Certificate Download
You can obtain a certificate from a Certificate Authority(CA) such as VeriSign. Alternately, you can createa self-signed certificate, in which the ownerand the issuer are the same.
Verisign Root Certificate Download
An organization that issues certificates can establish a hierarchyof CAs. The root CA has a self-signed certificate. Each subordinateCA has a certificate that is signed by the next highest CA in thehierarchy. A certificate chain isthe certificate of a particular CA, plus the certificates of any higherCAs up through the root CA.