Managing trust of third-party certification authorities

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Managing trust of third-party certification authorities

By default, when you install Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition, a large number of certification authority (CA) certificates are listed in the Third-Party Root Certification Authorities physical store.

To view the certificates in this store, you can follow the procedures in Manage certificates for a computer and Display certificate stores storage structure. In the console tree, click Certificates -Certificate Holder, click Third-Party Root Certification Authorities, and then click Certificates.

The Third-Party Root Certification Authorities store contains the trusted root certification authorities (CAs) from companies outside your organization. Administrators can disable the trust of these CAs by selecting Trusted Root Certification Authorities only option in Group Policy. Then, when users access any secure Web site that is validated by one of the third-party root CAs, they receive a security alert message that informs them that the site is not trusted.

To disable trust in third-party root CAs for a domain (or for any Group Policy object), see Disable trust of third-party root CAs for a Windows Server 2003 domain.

For more information, see Managing trust of user-selected certification authorities and Certificate stores.