Trusted root certificates that are required by Windows Server 2003, by Windows XP, and by Windows 2000 (293781)


The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Datacenter Server
This article was previously published under Q293781

SUMMARY

As part of a public key infrastructure (PKI) trust management procedure, some administrators may choose to remove trusted root certificates from a Windows domain, server or client. However, the root certificates that are listed in the "More Information" section in this article are required for the operating system to operate correctly. Because removal of the following certificates may limit functionality of the operating system or may cause the computer to fail, you should not remove them.

MORE INFORMATION

Necessary and trusted root certificates

The follow certificates are necessary and trusted root certificates in Microsoft Windows 2000 and later operating systems:
Issued toIssued bySerial numberExpiration dateIntended purposesFriendly nameStatus
Copyright (c) 1997 Microsoft Corp.Copyright (c) 1997 Microsoft Corp.0112/30/1999Time StampingMicrosoft Timestamp RootR
Microsoft Authenticode(tm) Root AuthorityMicrosoft Authenticode(tm) Root Authority0112/31/1999Secure Email, Code Signing Microsoft Authenticode(tm)RootR
Microsoft Root AuthorityMicrosoft Root Authority00c1008b3c3c8811d13ef663ecdf4012/31/2020<All>Microsoft Root AuthorityR
NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.4a19d2388c82591ca55d735f155ddca31/7/2004Time StampingVeriSign Time Stamping CAR
VeriSign Commercial Software Publishers CAVeriSign Commercial Software Publishers CA03c78f37db9228df3cbb1aad82fa67101/7/2004Secure Email, Code SigningVeriSign Commercial Software Publishers CAR
Thawte Timestamping CAThawte Timestamping CA0012/31/2020Time StampingThawte Timestamping CAR
The follow certificate is also a necessary and trusted root certificate in Microsoft Windows XP and later operating systems:
Issued toIssued bySerial numberExpiration dateIntended purposesFriendly nameStatus
Microsoft Root Certificate AuthorityMicrosoft Root Certificate Authority79ad16a14aa0a5ad4c7358f407132e655/9/2021<All>Microsoft Root Certificate AuthorityR
As you may have noticed in the provided information, some of the certificates have expired. However, these certificates are necessary for backwards compatibility. Even if there is an expired trusted root certificate, anything that was signed with that certificate prior to the expiration date needs that trusted root certificate to be validated. As long as expired certificates are not revoked, it can be used to validate anything that was signed prior to its expiration.

For additional information about removing root certificates from the store, click the following article number to view the article in the Microsoft Knowledge Base:

293819 How to remove a root certificate from the Trusted Root Store

Modification Type:MajorLast Reviewed:3/8/2005
Keywords:kbenv kbinfo KB293781
©2004 Microsoft Corporation. All rights reserved.