Help and Support
 

powered byLive Search

Trusted root certificates that are required by Windows Server 2008, by Windows Vista, by Windows Server 2003, by Windows XP, and by Windows 2000

View products that this article applies to.
Article ID:293781
Last Review:November 29, 2007
Revision:8.1
This article was previously published under Q293781
On This Page

INTRODUCTION

As part of a public key infrastructure (PKI) trust management procedure, some administrators may decide to remove trusted root certificates from a Windows-based domain, a Windows-based server, or a Windows-based client. However, the root certificates that are listed in the "More Information" section in this article are required for the operating system to operate correctly. Because removal of the following certificates may limit functionality of the operating system or may cause the computer to fail, you should not remove them.

Back to the top

MORE INFORMATION

Necessary and trusted root certificates

The follow certificates are necessary and trusted in Windows Vista and in Windows Server 2008:
Issued toIssued bySerial numberExpiration dateIntended purposesFriendly nameStatus
Microsoft Root AuthorityMicrosoft Root Authority00c1008b3c3c8811d13ef663ecdf4012/31/2020AllMicrosoft Root AuthorityR
Thawte Timestamping CAThawte Timestamping CA0012/31/2020Time StampingThawte Timestamping CAR
Microsoft Root Certificate AuthorityMicrosoft Root Certificate Authority79ad16a14aa0a5ad4c7358f407132e655/9/2021AllMicrosoft Root Certificate AuthorityR

The follow certificates are necessary and trusted in Windows XP and in Windows Server 2003:
Issued toIssued bySerial numberExpiration dateIntended purposesFriendly nameStatus
Copyright (c) 1997 Microsoft Corp.Copyright (c) 1997 Microsoft Corp.0112/30/1999Time StampingMicrosoft Timestamp RootR
Microsoft Authenticode(tm) Root AuthorityMicrosoft Authenticode(tm) Root Authority0112/31/1999Secure E-mail, Code Signing Microsoft Authenticode(tm) RootR
Microsoft Root AuthorityMicrosoft Root Authority00c1008b3c3c8811d13ef663ecdf4012/31/2020AllMicrosoft Root AuthorityR
NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.4a19d2388c82591ca55d735f155ddca31/7/2004Time StampingVeriSign Time Stamping CAR
VeriSign Commercial Software Publishers CAVeriSign Commercial Software Publishers CA03c78f37db9228df3cbb1aad82fa67101/7/2004Secure E-mail, Code SigningVeriSign Commercial Software Publishers CAR
Thawte Timestamping CAThawte Timestamping CA0012/31/2020Time StampingThawte Timestamping CAR
Microsoft Root Certificate AuthorityMicrosoft Root Certificate Authority79ad16a14aa0a5ad4c7358f407132e655/9/2021AllMicrosoft Root Certificate AuthorityR
The follow certificates are necessary and trusted in Microsoft Windows 2000:
Issued toIssued bySerial numberExpiration dateIntended purposesFriendly nameStatus
Copyright (c) 1997 Microsoft Corp.Copyright (c) 1997 Microsoft Corp.0112/30/1999Time StampingMicrosoft Timestamp RootR
Microsoft Authenticode(tm) Root AuthorityMicrosoft Authenticode(tm) Root Authority0112/31/1999Secure E-mail, Code Signing Microsoft Authenticode(tm) RootR
Microsoft Root AuthorityMicrosoft Root Authority00c1008b3c3c8811d13ef663ecdf4012/31/2020AllMicrosoft Root AuthorityR
NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.4a19d2388c82591ca55d735f155ddca31/7/2004Time StampingVeriSign Time Stamping CAR
VeriSign Commercial Software Publishers CAVeriSign Commercial Software Publishers CA03c78f37db9228df3cbb1aad82fa67101/7/2004Secure E-mail, Code SigningVeriSign Commercial Software Publishers CAR
Thawte Timestamping CAThawte Timestamping CA0012/31/2020Time StampingThawte Timestamping CAR
Some certificates that are listed in the previous tables have expired. However, these certificates are necessary for backward compatibility. Even if there is an expired trusted root certificate, anything that was signed by using that certificate before the expiration date requires that the trusted root certificate be validated. As long as expired certificates are not revoked, they can be used to validate anything that was signed before their expiration.

For more information about how to remove root certificates from the store, click the following article number to view the article in the Microsoft Knowledge Base:
293819 (http://support.microsoft.com/kb/293819/) How to remove a root certificate from the Trusted Root Store

Back to the top

APPLIES TO
Windows Vista Business
Windows Vista Enterprise
Windows Vista Home Premium
Windows Vista Home Basic
Windows Vista Ultimate
Windows Vista Business 64-bit Edition
Windows Vista Enterprise 64-bit Edition
Windows Vista Home Premium 64-bit Edition
Windows Vista Home Basic 64-bit Edition
Windows Vista Ultimate 64-bit Edition
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Web Edition
Microsoft Windows XP Professional
Microsoft Windows XP Home Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Professional Edition
Microsoft Windows 2000 Datacenter Server

Back to the top

Keywords: 
kbinfo kbenv KB293781

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.