With hopes to provide a more seamless and secure experience of Windows apps, Microsoft will be thinning out the ranks of its Trusted Root Certificate programme.
Microsoft says 20 trusted Certificate Authorities (CAs) are being dropped. This will leave the applications and websites signed with the certificates untrusted, leading users to get warnings when they are launched.
The decision to eliminate CAs came about when Microsoft decided to set a stricter set of audits and requirements for the programme in June 2015. Any CAs that can't (or will not) meet Microsoft's security requirements will be removed.
Microsoft enterprise and security group programme manager Aaron Kornblum wrote in a blog, “Since [June 2015], we have been working, directly and through community forums, to help our partners understand and comply with the new programme requirements. Through this effort, we identified a few partners who will no longer participate in the programme, either because they have chosen to leave voluntarily or because they will not be in compliance with the new requirements.”
A full list of CAs to be removed in January 2016 can be found in Kornblum's blog.