日本語
英語

Article ID: 931125 - Last Review: September 22, 2009 - Revision: 13.0

Windows root certificate program members

View products that this article applies to.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

On This Page

Expand all | Collapse all

INTRODUCTION

This article provides a download link to a list of the third-party certification authorities (CAs) that are trusted by Microsoft and whose root certificates are distributed via the Windows Root Certificate Program. As a Windows user, you can use the listed CAs for secure e-commerce. This article also includes a link to an update for root certificates.
Back to the top

UPDATE INFORMATION

Windows Root Certificate Program members

Click the following link to download the current list of Windows Root Certificate Program members:
http://download.microsoft.com/download/1/4/F/14F7067B-69D3-473A-BA5E-70D04AEA5929/Windows Root Certificate Program Members.pdf (http://download.microsoft.com/download/1/4/f/14f7067b-69d3-473a-ba5e-70d04aea5929/windows root certificate program members.pdf)
Back to the top

Update for Root Certificates

This item updates the list of root certificates on your computer to the list that is accepted by Microsoft as part of the Microsoft Root Certificate Program.

Update for Root Certificates [September 2009] (KB931125)

The following file is available for download from the Microsoft Download Center:

Collapse this imageExpand this image
Download
Download the rootsupd.exe package now. (http://www.microsoft.com/downloads/details.aspx?FamilyId=c14f8940-71b7-41e3-8749-a00e01e22f17)

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/ ) How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Back to the top

MORE INFORMATION

CAs validate the identity and entitlement of an applicant. In this process, the applicant is issued a digital certificate. You can use digital certificates to prove the identity of a remote person or a remote resource.

To verify that Microsoft customers have access to trusted CAs, Microsoft uses "WebTrust for Certificate Authorities," ETSI TS 101 456, ETSI TS 102 042, ISO 21188, or an equivalent third-party audit tool. Additionally, Microsoft uses other technical requirements to maintain a list of trusted CAs.

For a list of all the current general and technical requirements of the Windows Root Certificate Program, visit the following Microsoft TechNet Web site for:
http://technet.microsoft.com/en-us/library/cc751157.aspx (http://technet.microsoft.com/en-us/library/cc751157.aspx)
For more information about the Microsoft root certificate program requirements, visit the following Microsoft TechNet Web site:
http://technet.microsoft.com/en-us/library/cc751157.aspx (http://technet.microsoft.com/en-us/library/cc751157.aspx)
For more information about the support for EV certificates in Internet Explorer 7, visit the following Web site:
http://www.microsoft.com/windows/products/winfamily/ie/ev/default.mspx (http://blogs.msdn.com/ie/archive/2006/11/07/improving-ssl-extended-validation-ev-ssl-certificates-coming-in-january.aspx)
Back to the top

How Windows updates root certificates

Windows XP, Windows Server 2003, and Windows Vista automatically check the list of trusted CAs on the Windows Update Web site. Then, Windows installs root certificates after the certificates are validated by an application of the user.

For more information about how Windows updates root certificates in Windows Vista, visit the following Web site:
http://technet2.microsoft.com/WindowsVista/en/library/bd925e62-8367-43b6-b2d5-a98de4ba6dbe1033.mspx?mfr=true (http://technet2.microsoft.com/WindowsVista/en/library/bd925e62-8367-43b6-b2d5-a98de4ba6dbe1033.mspx?mfr=true)
For more information about how Windows updates root certificates in Windows Server 2003, visit the following Web site:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/04_s3cer.mspx (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/04_s3cer.mspx)
For more information about how Windows updates root certificates in Windows XP, visit the following Web site:
http://technet.microsoft.com/en-us/library/bb457097.aspx (http://technet.microsoft.com/en-us/library/bb457097.aspx)
For more information about how Windows updates root certificates in Windows Server 2003, visit the following Web site:
http://technet.microsoft.com/en-us/library/bb457160.aspx (http://technet.microsoft.com/en-us/library/bb457160.aspx)
Notes
  • In Windows Server 2003, the issuer list cannot be greater than 0x3000. When you update root certificates, the list of trusted CAs increases significantly in size and may cause the list to grow too long. The list is then truncated and may cause problems with authorization. This behavior may also cause schannel event ID 36885.
  • The Root Update package is available for Windows XP client SKUs only. It is not available for Server SKUs. If you install the Root Update package on Server SKUs, you may exceed the limit for how many root certificates that Schannel can handle when reporting the list of roots to clients in a TLS or SSL handshake, as the number of root certificates distributed in the Root Update package exceeds that limit. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
    933430  (http://support.microsoft.com/kb/933430/ ) Clients cannot make connections if you require client certificates on a Web site or if you use IAS in Windows Server 2003
Back to the top
APPLIES TO
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Starter
  • Windows Vista Ultimate
  • Microsoft Windows XP 64-Bit Edition Version 2002
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Media Center Edition 2005 Update Rollup 2
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Tablet PC Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Web Edition
Back to the top
Keywords: 
kbhowto kbexpertiseinter kbinfo KB931125
Back to the top
 

お問い合わせ

マイクロソフトへ問い合わせる

Article Translations