Article ID: 293781
Article Last Modified on 11/29/2007
APPLIES TO
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Home Premium
- Windows Vista Home Basic
- Windows Vista Ultimate
- Windows Vista Business 64-bit Edition
- Windows Vista Enterprise 64-bit Edition
- Windows Vista Home Premium 64-bit Edition
- Windows Vista Home Basic 64-bit Edition
- Windows Vista Ultimate 64-bit Edition
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Datacenter Server
This article was previously published under Q293781
INTRODUCTION
As part of a public key infrastructure (PKI) trust management procedure, some administrators may decide to remove trusted root certificates from a Windows-based domain, a Windows-based server, or a Windows-based client. However, the root certificates that are listed in the "More Information" section in this article are required for the operating system to operate correctly. Because removal of the following certificates may limit functionality of the operating system or may cause the computer to fail, you should not remove them.
MORE INFORMATION
Necessary and trusted root certificates
The follow certificates are necessary and trusted in Windows Vista and in Windows Server 2008:
| Issued to | Issued by | Serial number | Expiration date | Intended purposes | Friendly name | Status |
| Microsoft Root Authority | Microsoft Root Authority | 00c1008b3c3c8811d13ef663ecdf40 | 12/31/2020 | All | Microsoft Root Authority | R |
| Thawte Timestamping CA | Thawte Timestamping CA | 00 | 12/31/2020 | Time Stamping | Thawte Timestamping CA | R |
| Microsoft Root Certificate Authority | Microsoft Root Certificate Authority | 79ad16a14aa0a5ad4c7358f407132e65 | 5/9/2021 | All | Microsoft Root Certificate Authority | R |
The follow certificates are necessary and trusted in Windows XP and in Windows Server 2003:
| Issued to | Issued by | Serial number | Expiration date | Intended purposes | Friendly name | Status |
| Copyright (c) 1997 Microsoft Corp. | Copyright (c) 1997 Microsoft Corp. | 01 | 12/30/1999 | Time Stamping | Microsoft Timestamp Root | R |
| Microsoft Authenticode(tm) Root Authority | Microsoft Authenticode(tm) Root Authority | 01 | 12/31/1999 | Secure E-mail, Code Signing | Microsoft Authenticode(tm) Root | R |
| Microsoft Root Authority | Microsoft Root Authority | 00c1008b3c3c8811d13ef663ecdf40 | 12/31/2020 | All | Microsoft Root Authority | R |
| NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. | NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. | 4a19d2388c82591ca55d735f155ddca3 | 1/7/2004 | Time Stamping | VeriSign Time Stamping CA | R |
| VeriSign Commercial Software Publishers CA | VeriSign Commercial Software Publishers CA | 03c78f37db9228df3cbb1aad82fa6710 | 1/7/2004 | Secure E-mail, Code Signing | VeriSign Commercial Software Publishers CA | R |
| Thawte Timestamping CA | Thawte Timestamping CA | 00 | 12/31/2020 | Time Stamping | Thawte Timestamping CA | R |
| Microsoft Root Certificate Authority | Microsoft Root Certificate Authority | 79ad16a14aa0a5ad4c7358f407132e65 | 5/9/2021 | All | Microsoft Root Certificate Authority | R |
The follow certificates are necessary and trusted in Microsoft Windows 2000:
| Issued to | Issued by | Serial number | Expiration date | Intended purposes | Friendly name | Status |
| Copyright (c) 1997 Microsoft Corp. | Copyright (c) 1997 Microsoft Corp. | 01 | 12/30/1999 | Time Stamping | Microsoft Timestamp Root | R |
| Microsoft Authenticode(tm) Root Authority | Microsoft Authenticode(tm) Root Authority | 01 | 12/31/1999 | Secure E-mail, Code Signing | Microsoft Authenticode(tm) Root | R |
| Microsoft Root Authority | Microsoft Root Authority | 00c1008b3c3c8811d13ef663ecdf40 | 12/31/2020 | All | Microsoft Root Authority | R |
| NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. | NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. | 4a19d2388c82591ca55d735f155ddca3 | 1/7/2004 | Time Stamping | VeriSign Time Stamping CA | R |
| VeriSign Commercial Software Publishers CA | VeriSign Commercial Software Publishers CA | 03c78f37db9228df3cbb1aad82fa6710 | 1/7/2004 | Secure E-mail, Code Signing | VeriSign Commercial Software Publishers CA | R |
| Thawte Timestamping CA | Thawte Timestamping CA | 00 | 12/31/2020 | Time Stamping | Thawte Timestamping CA | R |
Some certificates that are listed in the previous tables have expired. However, these certificates are necessary for backward compatibility. Even if there is an expired trusted root certificate, anything that was signed by using that certificate before the expiration date requires that the trusted root certificate be validated. As long as expired certificates are not revoked, they can be used to validate anything that was signed before their expiration.
For more information about how to remove root certificates from the store, click the following article number to view the article in the Microsoft Knowledge Base:
293819 How to remove a root certificate from the Trusted Root Store
Keywords: kbenv kbinfo KB293781
