By 2031, Microsoft will have deprecated this root. Transition planning is crucial for:
Microsoft will likely:
Microsoft does not keep a single root certificate forever. Cryptographic standards evolve, and algorithms (like SHA-1) become obsolete. The "2011" in the name marks a pivotal transition. microsoft root certificate authority 2011.cer
As of 2024-2025, Microsoft has transitioned to newer roots such as:
The 2011 root is still trusted but considered "legacy". Microsoft is slowly encouraging a shift to the 2017 roots. By 2031, Microsoft will have deprecated this root
If you manage an enterprise fleet of Windows machines, do not ignore the Trusted Root Store.
Some security "hardening" scripts recommend deleting all non-corporate roots. If you delete microsoft root certificate authority 2011.cer, you will break Microsoft services. Instead, use Certificate Pinpointing or the Enterprise Trusted Root Store. Microsoft will likely:
The microsoft root certificate authority 2011.cer plays several critical roles: