Microsoft boots 20 certificates from Trusted Root Certificate Program

The Redmond giant has wiped out trust for 20 root certificates to an effort to make the Web a little safer.

Microsoft is planning to remove acceptance of 20 root certificates from authorities which do not meet stricter requirements.

On Thursday, Aaron Kornblum, Enterprise & Security Group Program Manager of Governance, Risk Management & Compliance at Microsoft said in a blog post the Microsoft Trusted Root Certificate Program, which takes root certificates supplied by authorized Certificate Authorities (CAs) worldwide, is about to get a lot less trusting.

The Microsoft executive noted that certificates are shipped to user devices after joining the program. These certificates alert users to which programs, apps and websites are trusted by Microsoft, in the hopes of making users aware when they visit potentially malicious or suspicious websites or download software which may damage their systems.

However, the Redmond giant does not feel the program goes far enough to keep users safe, especially in the light of the changing cybersecurity landscape and rising rates of digital threats.

After a period of consultation with CAs, Microsoft has decided to make some changes to the program.

"These crucial modifications will help us better guard against evolving threats affecting websites and the apps ecosystem, but they may impact a small set of customers who have certificates from affected partners," the company says.

Microsoft now enforces a stricter set of rules, technical regulations and auditing practices within the Trusted Root Certificate Program. Any CA which cannot meet the new requirements -- or has chosen to leave the firm's program voluntarily -- will no longer have a digital stamp of approval come January 2016.

In turn, any certificate-dependent systems based on these roots could cause issues such as alerts to customers when they attempt to use HTTPS with a certificate that is no longer trusted, or if a certificate is used to sign software, a customer attempting to install such systems on Windows will also be alerted.

The revoked certificates and authorities are below:


Microsoft recommends that owners of digital certificates review the list and investigate whether or not any of them will impact their own online services. If you find you are affected, you can find a replacement certificate from this list of trusted CAs.

Read on: Top picks