Article ID: 293781 - Last Review: November 29, 2007 - Revision: 8.1

Trusted root certificates that are required by Windows Server 2008, by Windows Vista, by Windows Server 2003, by Windows XP, and by Windows 2000

View products that this article applies to.
This article was previously published under Q293781

On This Page

Expand all | Collapse all

INTRODUCTION

As part of a public key infrastructure (PKI) trust management procedure, some administrators may decide to remove trusted root certificates from a Windows-based domain, a Windows-based server, or a Windows-based client. However, the root certificates that are listed in the "More Information" section in this article are required for the operating system to operate correctly. Because removal of the following certificates may limit functionality of the operating system or may cause the computer to fail, you should not remove them.
Back to the top

MORE INFORMATION

Necessary and trusted root certificates

The follow certificates are necessary and trusted in Windows Vista and in Windows Server 2008:
Collapse this tableExpand this table
Issued toIssued bySerial numberExpiration dateIntended purposesFriendly nameStatus
Microsoft Root AuthorityMicrosoft Root Authority00c1008b3c3c8811d13ef663ecdf4012/31/2020AllMicrosoft Root AuthorityR
Thawte Timestamping CAThawte Timestamping CA0012/31/2020Time StampingThawte Timestamping CAR
Microsoft Root Certificate AuthorityMicrosoft Root Certificate Authority79ad16a14aa0a5ad4c7358f407132e655/9/2021AllMicrosoft Root Certificate AuthorityR

The follow certificates are necessary and trusted in Windows XP and in Windows Server 2003:
Collapse this tableExpand this table
Issued toIssued bySerial numberExpiration dateIntended purposesFriendly nameStatus
Copyright (c) 1997 Microsoft Corp.Copyright (c) 1997 Microsoft Corp.0112/30/1999Time StampingMicrosoft Timestamp RootR
Microsoft Authenticode(tm) Root AuthorityMicrosoft Authenticode(tm) Root Authority0112/31/1999Secure E-mail, Code Signing Microsoft Authenticode(tm) RootR
Microsoft Root AuthorityMicrosoft Root Authority00c1008b3c3c8811d13ef663ecdf4012/31/2020AllMicrosoft Root AuthorityR
NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.4a19d2388c82591ca55d735f155ddca31/7/2004Time StampingVeriSign Time Stamping CAR
VeriSign Commercial Software Publishers CAVeriSign Commercial Software Publishers CA03c78f37db9228df3cbb1aad82fa67101/7/2004Secure E-mail, Code SigningVeriSign Commercial Software Publishers CAR
Thawte Timestamping CAThawte Timestamping CA0012/31/2020Time StampingThawte Timestamping CAR
Microsoft Root Certificate AuthorityMicrosoft Root Certificate Authority79ad16a14aa0a5ad4c7358f407132e655/9/2021AllMicrosoft Root Certificate AuthorityR
The follow certificates are necessary and trusted in Microsoft Windows 2000:
Collapse this tableExpand this table
Issued toIssued bySerial numberExpiration dateIntended purposesFriendly nameStatus
Copyright (c) 1997 Microsoft Corp.Copyright (c) 1997 Microsoft Corp.0112/30/1999Time StampingMicrosoft Timestamp RootR
Microsoft Authenticode(tm) Root AuthorityMicrosoft Authenticode(tm) Root Authority0112/31/1999Secure E-mail, Code Signing Microsoft Authenticode(tm) RootR
Microsoft Root AuthorityMicrosoft Root Authority00c1008b3c3c8811d13ef663ecdf4012/31/2020AllMicrosoft Root AuthorityR
NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.4a19d2388c82591ca55d735f155ddca31/7/2004Time StampingVeriSign Time Stamping CAR
VeriSign Commercial Software Publishers CAVeriSign Commercial Software Publishers CA03c78f37db9228df3cbb1aad82fa67101/7/2004Secure E-mail, Code SigningVeriSign Commercial Software Publishers CAR
Thawte Timestamping CAThawte Timestamping CA0012/31/2020Time StampingThawte Timestamping CAR
Some certificates that are listed in the previous tables have expired. However, these certificates are necessary for backward compatibility. Even if there is an expired trusted root certificate, anything that was signed by using that certificate before the expiration date requires that the trusted root certificate be validated. As long as expired certificates are not revoked, they can be used to validate anything that was signed before their expiration.

For more information about how to remove root certificates from the store, click the following article number to view the article in the Microsoft Knowledge Base:
293819  (http://support.microsoft.com/kb/293819/ ) How to remove a root certificate from the Trusted Root Store
Back to the top
APPLIES TO
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Premium
  • Windows Vista Home Basic
  • Windows Vista Ultimate
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Datacenter Server
Back to the top
Keywords: 
kbinfo kbenv KB293781
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations