Microsoft KB Archive/838427

= The best practices for managing trusted certificate authorities in Windows Server 2003 =

Article ID: 838427

Article Last Modified on 2/15/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-





INTRODUCTION
This article describes the best practices for managing trusted certificate authorities (CAs) in Microsoft Windows Server 2003.



MORE INFORMATION
Microsoft maintains a list of trusted third-party commercial CAs to ensure secure and usable e-commerce for Microsoft Windows users. These CAs validate the identity and entitlement of an applicant. As an output of this process, these CAs issue the applicant a digital certificate. To better protect Microsoft customers from security issues that are related to the use of public key infrastructure (PKI) certificates, Microsoft maintains the Microsoft Root Certificate Program. This program defines and standardizes the criteria that the CAs must meet to be included in Microsoft products.

For more information about the Microsoft Root Certificate Program, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/news/rootcert.mspx

To view the current list of organizations who are participants in the Microsoft Root Certificate Program, visit the following Microsoft Web site:

http://msdn2.microsoft.com/en-us/library/ms995347.aspx

Note Microsoft uses an independent third-party audit (WebTrust for Certificate Authorities), and other technical requirements to make sure that their customers have access to trustworthy CAs because not all CAs follow the same operational practices.

For information about how to turn off automatic updating of trusted root authority certificates, visit the following Microsoft Web site:

http://technet2.microsoft.com/WindowsServer/en/library/2e0186ba-1a09-42b5-81c8-3ecca4ddde5e1033.mspx?mfr=true

For information about how to disable trust of user-selected root CAs for a Windows Server 2003 domain, visit the following Microsoft Web site:

http://technet2.microsoft.com/WindowsServer/en/library/2e0186ba-1a09-42b5-81c8-3ecca4ddde5e1033.mspx?mfr=true

Keywords: kbsecurityservices kbwinservnetwork kbinfo KB838427

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.