Microsoft’s Trusted Root Certificates program manages root certificates, providing your Windows machines a no-hassle way to accept trusted certificates, making your computing experience more seamless, while maintaining the value of signed certificates.
Over the past year, Microsoft has been working on changes to the program, and have implemented more stringent technical and auditing requirements for Certificate Authorities to have their root certificates listed as Trusted. As part of that effort, a number of authorities are being removed from the program, either choosing to leave voluntarily, or not meeting the latest requirements.
That leaves open the possibility that some certificates formerly marked as trusted will now flag a certificate as not trusted:
The certificate-dependent services you manage will be impacted if the certificates you use chain up to a root certificate Microsoft removes from the store. Though the actual screens and text vary depending on which browser a customer is using, here’s what will usually happen:
If you use one of these certificates to secure connections to your server over https, when a customer attempts to navigate to your site, that customer will see a message that there is a problem with the security certificate.
If you use one of these certificates to sign software, when a customer attempts to install that software on a Windows operating system, Windows will display a warning that the publisher may not be trusted. In either case, the customer may choose to continue.
If you manage certificates for sites or software, Microsoft encourages you to review the list and take appropriate action. If you’re an end user who hits an untrusted notice from a site or product that previously didn’t have problems, it may be that you’re running into one of these delisted certificates, and you can proceed, of course, with caution.Further reading: Microsoft