Microsoft KB Archive/931125

= Microsoft root certificate program members (July 2007) =

Article ID: 931125

Article Last Modified on 10/26/2007

-

APPLIES TO


 * Windows Vista Enterprise 64-bit Edition
 * Windows Vista Home Basic 64-bit Edition
 * Windows Vista Home Premium 64-bit Edition
 * Windows Vista Ultimate 64-bit Edition
 * Windows Vista Business
 * Windows Vista Business 64-bit Edition
 * Windows Vista Enterprise
 * Windows Vista Home Basic
 * Windows Vista Home Premium
 * Windows Vista Starter
 * Windows Vista Ultimate
 * Microsoft Windows XP Professional for Itanium-based systems
 * Microsoft Windows XP Professional for Itanium-based systems
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Starter Edition
 * Microsoft Windows XP Tablet PC Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003 Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, 64-Bit Enterprise Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Web Edition

-



INTRODUCTION
The table that is included in this article lists the third-party commercial certification authorities (CAs) that are trusted by Microsoft. As a Microsoft Windows user, you can use the listed CAs for secure e-commerce.



MORE INFORMATION
CAs validate the identity and entitlement of an applicant. In this process, the applicant is issued a digital certificate. You can use digital certificates to prove the identity of a remote person or a remote resource.

To verify that Microsoft customers have access to trusted CAs, Microsoft uses &quot;WebTrust for Certificate Authorities&quot; or an equivalent third-party audit tool. Additionally, Microsoft uses other technical requirements to maintain a list of trusted CAs.

New this month
The following CAs were added when this article was updated in July 2007.

Microsoft root certificate program members
The following table lists the Microsoft root certificate program members. The list includes new CAs that support Extended Validation (EV) certificates in Windows Internet Explorer 7.

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

For more information about the Microsoft root certificate program requirements, visit the following Microsoft TechNet Web site:

http://www.microsoft.com/technet/archive/security/news/rootcert.mspx?mfr=true

For more information about the support for EV certificates in Internet Explorer 7, visit the following Web site:

http://blogs.msdn.com/ie/archive/2006/11/07/improving-ssl-extended-validation-ev-ssl-certificates-coming-in-january.aspx

For more information about EV guidelines and EV certificates, visit the following Web site:

http://www.cabforum.org/

How Windows updates root certificates
Microsoft Windows XP, Microsoft Windows Server 2003, and Windows Vista are designed to automatically check the list of trusted CAs on the Microsoft Windows Update Web site. Then, Windows installs root certificates after certificates are validated by an application of the user. For more information about how Windows updates root certificates in Windows Vista, visit the following Web site:

http://technet2.microsoft.com/WindowsVista/en/library/bd925e62-8367-43b6-b2d5-a98de4ba6dbe1033.mspx?mfr=true

For more information about how Windows updates root certificates in Windows Server 2003, visit the following Web site:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/04_s3cer.mspx

For more information about how Windows updates root certificates in Windows XP, visit the following Web site:

http://technet.microsoft.com/en-us/library/bb457160.aspx

For more information about how Windows updates root certificates in Windows Server 2003, visit the following Web site:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/04_s3cer.mspx

Note In Windows Server 2003, the issuer list cannot be greater than 0x3000. When you update root certificates, the list of trusted CAs increases sigficantly in size and may cause the list to grow too long. The list then gets truncated and may cause problems with authorization. This behavior may also cause schannel event ID 36885.



The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Keywords: kbhowto kbinfo kbexpertiseinter KB931125

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.