Microsoft’s Trusted Root Certificate Program will no longer include 20 currently trusted CAs and will remove their root certificates from the Trusted Root CA Store.
“This past spring, we began engaging with Certificate Authorities (CA) to solicit feedback and talk about upcoming changes to our Trusted Root Certificate Program. Among other things, the changes included more stringent technical and auditing requirements,” said Microsoft enterprise and security group program manager Aaron Kornblum.
The company has been working with CAs to help them adjust to the new program prerequisites, but the 20 CAs would not or could not comply with the new requirements.
What does this mean for customers who got their certificates from those CAs?
“If you use one of these certificates to secure connections to your server over https, when a customer attempts to navigate to your site, that customer will see a message that there is a problem with the security certificate,” Kornblum said.
“If you use one of these certificates to sign software, when a customer attempts to install that software on a Windows operating system, Windows will display a warning that the publisher may not be trusted. In either case, the customer may choose to continue.”
Microsoft advises these customers to get a replacement certificate from another CA.
The following chart is a list of the dropped CAs.