Return to site
Return to site

Windows 10 Root Certificate Update

broken image


-->

Windows 10 Update Root Certificates Feature Isn't Enabled

On Tuesday, August 25th, 2020, Microsoft will release a planned update to the Microsoft Trusted Root Certificate Program.

In Internet Explorer, click Tools, and then click Internet Options. On the Security tab, click the Trusted Sites icon. Click Sites and then add these website addresses one at a time to the list: You can only add one address at a time and you must click Add after each one. ConfigMgr simply 'pushes' Windows Updates. I don't think the root cert updates are part of any actual Windows Updates so this won't do it for you. As noted, I don't think they are part of a specific update which is all WSUS and thus ConfigMgr can deploy. The Windows Updates ones. The Windows Root Certificate Program enables trusted root certificates to be distributed automatically in Windows.Usually, a client computer polls root certificate updates one time a week. After you apply this update, the client computer can receive urgent root certificate updates within 24 hours. Windows 10 has built-in certificates and automatically updates them. However, you can still manually add more root certificates to Windows 10 from certificate authorities (CAs). There are numerous certificate issuing authorities, with Comodo and Symantec among the best known. How can I add Windows 10 root certificates manually?

Windows 10 Root Certificate Update

This release will NotBefore the following roots (CA Root Certificate SHA-1 Thumbprint):

  1. China Financial Certification Authority (CFCA) China Financial CA EABDA240440ABBD694930A01D09764C6C2D77966
  2. LuxTrust LuxTrust Global Root 2 1E0E56190AD18B2598B20444FF668A0417995F3F

This release will NotBefore the Code Signing EKU to the following roots: Cancan college st paul mo.

  1. China Financial Certification Authority (CFCA) CFCA EV ROOT E2B8294B5584AB6B58C290466CAC3FB8398F8483
  2. Chunghwa Telecom Chunghwa Telecom Co., Ltd. - ePKI Root Certification Authority 67650DF17E8E7E5B8240A4F4564BCFE23D69C6F0
  3. Chunghwa Telecom ePKI Root Certification Authority - G2 D99B104298594763F0B9A927B79269CB47DD158B
  4. DigiCert Symantec Enterprise Mobile Root for Microsoft 92B46C76E13054E104F230517E6E504D43AB10B5
  5. Government of Brazil, Instituto Nacional de Tecnologia da Informação (ITI) Autoridade Certificadora Raiz Brasileira v2 A9822E6C6933C63C148C2DCAA44A5CF1AAD2C42E
  6. Government of India, Ministry of Communications & Information Technology, Controller of Certifying Authorities (CCA) CCA India 2015 SPL 3BC6DCE00307BD676041EBD85970C62F8FDA5109
  7. Izenpe S.A. Izenpe.com 30779E9315022E94856A3FF8BCF815B082F9AEFD
  8. Korea Information Security Agency (KISA) KISA RootCA 1 027268293E5F5D17AAA4B3C3E6361E1F92575EAA
  9. NetLock Ltd. NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado 016897E1A0B8F2C3B134665C20A727B7A158E28F
  10. SI-TRUST SI-TRUST Root 3A4979B40FA841488200B582FBEEB63AAB9919AE

This release will Disallow the OCSP EKU to the following roots:

  1. Chunghwa Telecom Chunghwa Telecom Co., Ltd. - ePKI Root Certification Authority 67650DF17E8E7E5B8240A4F4564BCFE23D69C6F0
  2. DigiCert Baltimore CyberTrust Root D4DE20D05E66FC53FE1A50882C78DB2852CAE474
  3. Government of Spain, Dirección General de la Policía ? Ministerio del Interior ? España. AC R AIZ DNIE B38FECEC0B148AA686C3D00F01ECC8848E8085EB
  4. Korea Information Security Agency (KISA) KISA RootCA 1 027268293E5F5D17AAA4B3C3E6361E1F92575EAA
  5. SI-TRUST SI-TRUST Root 3A4979B40FA841488200B582FBEEB63AAB9919AE

This release will NotBefore the EFS EKU to the following roots:

  1. Austrian Society for Data Protection (Arge Daten) (GlobalTrust) GLOBALTRUST 342CD9D3062DA48C346965297F081EBC2EF68FDC
  2. China Financial Certification Authority (CFCA) CFCA EV ROOT E2B8294B5584AB6B58C290466CAC3FB8398F8483
  3. Chunghwa Telecom Chunghwa Telecom Co., Ltd. - ePKI Root Certification Authority 67650DF17E8E7E5B8240A4F4564BCFE23D69C6F0
  4. Chunghwa Telecom ePKI Root Certification Authority - G2 D99B104298594763F0B9A927B79269CB47DD158B
  5. Entrust AffirmTrust Premium D8A6332CE0036FB185F6634F7D6A066526322827
  6. Entrust AffirmTrust Commercial F9B5B632455F9CBEEC575F80DCE96E2CC7B278B7
  7. Entrust Entrust Root Certification Authority B31EB1B740E36C8402DADC37D44DF5D4674952F9
  8. Entrust AffirmTrust Premium ECC B8236B002F1D16865301556C11A437CAEBFFC3BB
  9. Entrust Entrust.net Certification Authority (2048) 503006091D97D4F5AE39F7CBE7927D7D652D3431
  10. Entrust Entrust Root Certification Authority - G2 8CF427FD790C3AD166068DE81E57EFBB932272D4
  11. Entrust AffirmTrust Networking 293621028B20ED02F566C532D1D6ED909F45002F
  12. Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) GDCA TrustAUTH R5 ROOT 0F36385B811A25C39B314E83CAE9346670CC74B4
  13. Government of Brazil, Instituto Nacional de Tecnologia da Informação (ITI) Autoridade Certificadora Raiz Brasileira v2 A9822E6C6933C63C148C2DCAA44A5CF1AAD2C42E
  14. Government of India, Ministry of Communications & Information Technology, Controller of Certifying Authorities (CCA) CCA India 2015 SPL 3BC6DCE00307BD676041EBD85970C62F8FDA5109
  15. Government of India, Ministry of Communications & Information Technology, Controller of Certifying Authorities (CCA) CCA India 2014 A2B86B5A68D92819D9CE5DD6D7969A4968E11991
  16. IdenTrust Services, LLC IdenTrust Public Sector Root CA 1 BA29416077983FF4F3EFF231053B2EEA6D4D45FD
  17. IdenTrust Services, LLC DST Root CA X3 DAC9024F54D8F6DF94935FB1732638CA6AD77C13
  18. OISTE OISTE WISeKey Global Root GC CA E011845E34DEBE8881B99CF61626D1961FC3B931
  19. SI-TRUST SI-TRUST Root 3A4979B40FA841488200B582FBEEB63AAB9919AE

This release will NotBefore the IP Security EKUs to the following roots:

  1. Austrian Society for Data Protection (Arge Daten) (GlobalTrust) GLOBALTRUST 342CD9D3062DA48C346965297F081EBC2EF68FDC
  2. China Financial Certification Authority (CFCA) CFCA EV ROOT E2B8294B5584AB6B58C290466CAC3FB8398F8483
  3. Chunghwa Telecom Chunghwa Telecom Co., Ltd. - ePKI Root Certification Authority 67650DF17E8E7E5B8240A4F4564BCFE23D69C6F0
  4. Entrust AffirmTrust Premium D8A6332CE0036FB185F6634F7D6A066526322827
  5. Entrust AffirmTrust Commercial F9B5B632455F9CBEEC575F80DCE96E2CC7B278B7
  6. Entrust Entrust Root Certification Authority B31EB1B740E36C8402DADC37D44DF5D4674952F9
  7. Entrust AffirmTrust Premium ECC B8236B002F1D16865301556C11A437CAEBFFC3BB
  8. Entrust Entrust.net Certification Authority (2048) 503006091D97D4F5AE39F7CBE7927D7D652D3431
  9. Entrust Entrust Root Certification Authority - G2 8CF427FD790C3AD166068DE81E57EFBB932272D4
  10. Entrust AffirmTrust Networking 293621028B20ED02F566C532D1D6ED909F45002F
  11. Government of Brazil, Instituto Nacional de Tecnologia da Informação (ITI) Autoridade Certificadora Raiz Brasileira v2 A9822E6C6933C63C148C2DCAA44A5CF1AAD2C42E
  12. Izenpe S.A. Izenpe.com 30779E9315022E94856A3FF8BCF815B082F9AEFD

This release will add to the following roots:

  1. Government of Brazil, Instituto Nacional de Tecnologia da Informação (ITI) Autoridade Certificadora Raiz Brasileira v10 6C155ED7271A904A0DC040F0C857FF53BF6DB290

Note

  • Windows 10 allows us to stop trusting roots or EKU's using the 'NotBefore' or 'Disable' properties, both of which allow us to remove certain capabilities of the root certificate without complete removal. These features are not available on versions prior to Windows 10. Earlier versions of Windows will be unaffected by this change.
  • The NotBefore and Disable dates are set for the first day of the release month.
  • The update package will be available for download and testing at: https://aka.ms/CTLDownload
  • Signatures on the Certificate Trust Lists (CTLs) for the Microsoft Trusted Root Program changed from dual-signed (SHA-1/SHA-2) to SHA-2 only. No customer action required. For more information, please visit: https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
-->

The Microsoft Trusted Root Certificate Program releases changes to our Root Store on a monthly cadence, except for December. The public can expect the following cadence for releases:

  1. Additions and non-deprecating modifications will be completed any month
  2. Certificate Authority (CA)-initiated and CA-confirmed deprecations will occur on even numbered months
  3. Microsoft-initiated deprecations will occur in February and August releases

If you are a certificate user who has active certificates chaining up to a deprecating root, please reach out to your CA to understand how changes may impact your certificates.Update packages will be available for download and testing at https://aka.ms/CTLDownload

Please note, the changes listed are accurate at the time of posting but are subject to change.

A list of Root Store participants, updated monthly, can be found here: https://aka.ms/trustcertpartners.

2020

MonthDate of ReleaseRelease Notes
OctoberOctober 27Deployment Notice Posted October 27
SeptemberSeptember 29Deployment Notice Posted September 29
SeptemberSeptember 3Deployment Notice Posted September 3
AugustAugust 25Deployment Notice Posted August 18
JulyJuly 28Deployment Notice Posted July 27
JuneJune 30Deployment Notice Posted June 9
MayMay 19Deployment Notice Posted May 19
AprilApril 28Deployment Notice Posted April 21
AprilNotice Posted April 1
MarchMarch 24thDeployment Notice Posted March 18
FebruaryFebruary 25thDeployment Notice Posted February 3
JanuaryJanuary 28Deployment Notice Posted January 22

2019

MonthDate of ReleaseRelease Notes
OctoberNovember 5Deployment Notice Posted October 11
AugustAugust 14Deployment Notice Posted August 14
AugustAugust 27Deployment Notice Posted August 2
JulyJuly 10Deployment Notice Posted July 11
JulyJuly 30Deployment Notice Posted July 2
JuneJuly 2Deployment Notice Posted June 5
MayMay 28Deployment Notice Posted May 1
AprilApril 30Deployment Notice Posted April 15
MarchMarch 26Deployment Notice Posted March 6
FebruaryMarch 5Deployment Notice Posted February 19
JanuaryJanuary 29Deployment Notice Posted January 23

2018

Windows 10 Root Certificate Update Download

2018 and earlier coming soon





broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save