The best practices for managing trusted certificate authorities in Windows Server 2003 (838427)

MORE INFORMATION

Microsoft maintains a list of trusted third-party commercial CAs to ensure secure and usable e-commerce for Microsoft Windows users. These CAs validate the identity and entitlement of an applicant. As an output of this process, these CAs issue the applicant a digital certificate. To better protect Microsoft customers from security issues that are related to the use of public key infrastructure (PKI) certificates, Microsoft maintains the Microsoft Root Certificate Program. This program defines and standardizes the criteria that the CAs must meet to be included in Microsoft products.

For more information about the Microsoft Root Certificate Program, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/news/rootcert.mspx

To view the current list of organizations who are participants in the Microsoft Root Certificate Program, visit the following Microsoft Web site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/rootcertprog.asp

Note Microsoft uses an independent third-party audit (WebTrust for Certificate Authorities), and other technical requirements to make sure that their customers have access to trustworthy CAs because not all CAs follow the same operational practices.

For information about how to turn off automatic updating of trusted root authority certificates, visit the following Microsoft Web site:

http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/sag_CMprocsautorootoff.asp

For information about how to disable trust of user-selected root CAs for a Windows Server 2003 domain, visit the following Microsoft Web site:

The best practices for managing trusted certificate authorities in Windows Server 2003 (838427)

INTRODUCTION

MORE INFORMATION